Accepted wget 1.13.4-3+deb7u3 (source i386) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 27 Jun 2016 18:00:14 +0200
Source: wget
Binary: wget
Architecture: source i386
Version: 1.13.4-3+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Noël Köthe <noel@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
wget - retrieves files from the web
Closes: 827003
Changes:
wget (1.13.4-3+deb7u3) wheezy-security; urgency=high
.
* Non-maintainer upload by the Debian LTS Team
* CVE-2016-4971
On a server redirect from HTTP to a FTP resource, wget would trust
the HTTP server and uses the name in the redirected URL as the
destination filename.
This behaviour was changed and now it works similarly as a redirect
from HTTP to another HTTP resource so the original name is used as
the destination file. To keep the previous behaviour the user must
provide --trust-server-names.
(Closes: #827003)
Checksums-Sha1:
61f14240fa6024dceb3267b296150e6da3891430 1884 wget_1.13.4-3+deb7u3.dsc
e25e1b487026ddd9026ca7d26af21f044c884d28 2815185 wget_1.13.4.orig.tar.gz
91531fff640992e81b119d22b29da22a3f769209 29300 wget_1.13.4-3+deb7u3.debian.tar.gz
8c2b2be0813c014967b08acdead9f71393e07145 765556 wget_1.13.4-3+deb7u3_i386.deb
Checksums-Sha256:
bf30d2f5910579e2a999825354dcaedc57a0b23bf79e4abe8e7bb0f9e813b658 1884 wget_1.13.4-3+deb7u3.dsc
24c7710bc9f220ce23d8a9e0f5673b0efc1cace62db6de0239b5863ecc934dcd 2815185 wget_1.13.4.orig.tar.gz
9755af458594927093d2275fc78c3935cc0fcc426f03b444629587beb7a5fae5 29300 wget_1.13.4-3+deb7u3.debian.tar.gz
ad638926136e26a0632289e02191e658c69d8c74054a2a7e9ea7fa648404d0d8 765556 wget_1.13.4-3+deb7u3_i386.deb
Files:
087144b0e42df8bb146db05a897f9917 1884 web important wget_1.13.4-3+deb7u3.dsc
1df489976a118b9cbe1b03502adbfc27 2815185 web important wget_1.13.4.orig.tar.gz
dbe62a45ec38a8b5ecc6cc780bb853e2 29300 web important wget_1.13.4-3+deb7u3.debian.tar.gz
8e77a27d28ca99e829f3b240ff4790a8 765556 web important wget_1.13.4-3+deb7u3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJXdVjXXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHKycQAKU2RSxUJ6D3eZlGbw/Xvw97
eN91y6ZS1gHbpLjWE0VcG2CmWz1EkRlwYzk/CRDWsbClGGlb8dr1RiGJVV6gaLS9
8TUkbOEHMreyijAzO456ewtpYubNexsnMcvieq+ohme+O5xGdMCW/VHevlk14ayI
ZJEoRChcJioKTwgRZaPP+CoF6mKd6QSHnhctSzOnWLLdnv7KJafHbJBBrSkaKwKR
x8r5CVRfXz0WxA+7pMeHkd2RR5r0sHTfzwPh0Ddd53LC0GFVSXiMNYLRiY0Ho3w2
xj0oxEqSBvtsJko9660rC483f+wRunuomfzEfp01LUwPYMcYJabG0cxieSY4Jpxm
Qet1EfNqp1CZWa/c+AY+x1IIQ/5BYYLNAJLX1aViuiZehOK7zXdll14/ZLVIN7ym
8Y76ugYshDqnfwLEWdvaENGRGKtsrMUK4XxgkJRcRqVLJ8oup+U5Mc4P8j3fmx2A
dxgKuk9FQz4RAgiOT40LBaG8a0/cOQ9c5GOAoCVuSNc/jRWw+OjniaGEIWh8HadZ
Vv8qriYgCmMMszQ1Um/+7uzs37p53VGF9zLJGEQq1Hd50y5bqBG3/Nd5Io+DbBBg
U3F2OojKFdmmx/f/jRaWJLEWcUev313+PGSvjbcjOzJS6ndPhQybb1nfS+KLuaUp
YPo3ZcTPLYHA5umEmKto
=L6+N
-----END PGP SIGNATURE-----
Reply to: