—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4008-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 28, 2017 https://www.debian.org/security/faq
– ————————————————————————-

Package : wget
CVE ID : CVE-2017-13089 CVE-2017-13090

Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen
discovered two buffer overflows in the HTTP protocol handler of the Wget
download tool, which could result in the execution of arbitrary code
when connecting to a malicious HTTP server.

For the oldstable distribution (jessie), these problems have been fixed
in version 1.16-1+deb8u4.

For the stable distribution (stretch), these problems have been fixed in
version 1.18-5+deb9u1.

We recommend that you upgrade your wget packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAln0lUcACgkQEMKTtsN8
TjY0dQ/+JZcnuMZsE6GwzeL8XzW6yFZKcXv3r/nrUhkcPCInu22SI2IypQRsetNh
OFayY1N4OSEoK0uILSr5gpbPmoLDhwhV60cL7ah/gNHPH0wR1Ep42Uj+QA41dV1V
NjxJ8YmZYvK23GXPDg7Cn+jZ0+/rVuHbYiYK0wONbGCfZxQmr7fZqUBvQXgOZl3A
q9A2fAqCHU+n+qZ/qnrP5nEYWu04fbFPhndtfLmxJceiduQWQLGzTiouDfWzOk5H
mL9FHf0/DLpWpIPJNAxbscUVVzTKX4OZIGYgMJ/oqVDPkgbpqxlxNZTOwQdAKsBr
dJU55sa7schNAHbFw36WkGULuE1bt7Q/ULm9YLZ/7a/twYJt0khRp/uX39fn1UmJ
KAkMGS3beAwjaCuWf6WaZ3yWQoMhHHkEayMmCu7uLK099HHsGHoM1jTdzlv6Iaxx
4zl22Mk6oflNwcDpn9ee9DawrOTH5bGFW9LSqjv28VWqTy0WQK4wxzS678vY7oSa
QqBAQdLtkJUKAnZduV10HlobjmLAUh3TNsMwXsNRQNsTHnaUPC6FM61Gw/25QC6I
QzD2tEysftFMNexDRK04rqym7P44HxjinTn/8HcyrIrjUxQOb2egiTpilcgAwkgN
HJo13HGzN1Gm3tCT160haEy0q8IRSWAlKUDTCQVAHNO/IqGsYWg=
=JZ34
—–END PGP SIGNATURE—–