[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-wget] [ANNOUNCEMENT] New release 1.19.5 of GNU Wget
From: |
Tim Rühsen |
Subject: |
[Bug-wget] [ANNOUNCEMENT] New release 1.19.5 of GNU Wget |
Date: |
Sun, 6 May 2018 19:03:36 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 |
Hello,
we are pleased to announce the new version of GNU wget 1.19.5.
GNU Wget is a free utility for non-interactive download of files from
the Web.
It supports HTTP(S), and FTP(S) protocols, as well as retrieval through HTTP
proxies.
This version fixes CVE-2018-0494 (Cookie injection vulnerability) found
by Harry Sintonen.
This version fixes several issues, mostly found by OSS-Fuzz.
It also introduces TLS1.3 with OpenSSL, a new option --ciphers and
updates the CSS grammar to version 2.2.
Many thanks go to all the contributors and list activists !
The new version is available for download here:
https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz
https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.lz
and the GPG detached signatures using the key 0x08302DB6A2670428:
https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz.sig
https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.lz.sig
To reduce load on the main server, you can use this redirector service
which automatically redirects you to a mirror:
https://ftpmirror.gnu.org/wget/wget-1.19.5.tar.gz
https://ftpmirror.gnu.org/wget/wget-1.19.5.tar.lz
Noteworthy changes:
* Fix cookie injection (CVE-2018-0494)
* Enable TLS1.3 with recent OpenSSL environment
* New option --ciphers to set GnuTLS / OpenSSL ciphers directly
* Updated CSS grammar to CSS 2.2
* Fixed several memleaks found by OSS-Fuzz
* Fixed several buffer overflows found by OSS-Fuzz
* Fixed several integer overflows found by OSS-Fuzz
* Several minor bug fixes
Please report any problem you may experience to the address@hidden
mailing list.
For the maintainers of Wget,
Tim Rühsen
signature.asc
Description: OpenPGP digital signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Bug-wget] [ANNOUNCEMENT] New release 1.19.5 of GNU Wget,
Tim Rühsen <=