Repository 32bit  Forum
Repository 64bit  Wiki
Mon Jun 13 07:07:39 UTC 2016
patches/packages/wget-1.18-i486-1_slack14.1.txz: Upgraded.
  This version fixes a security vulnerability present in all old versions
  of wget. On a server redirect from HTTP to a FTP resource, wget would
  trust the HTTP server and use the name in the redirected URL as the
  destination filename. This behaviour was changed and now it works
  similarly as a redirect from HTTP to another HTTP resource so the original
  name is used as the destination file. To keep the previous behaviour the
  user must provide --trust-server-names.
  The vulnerability was discovered by Dawid Golunski and was reported by
  Beyond Security's SecuriTeam.
  For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4971
  (* Security fix *)