[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Wget 1.19.2 released

From: Tim Rühsen
Subject: Wget 1.19.2 released
Date: Thu, 26 Oct 2017 20:40:00 +0200
User-agent: KMail/5.2.3 (Linux/4.13.0-1-amd64; KDE/5.37.0; x86_64; ; )


we are pleased to announce the new version of GNU wget 1.19.2.

GNU Wget is a free utility for non-interactive download of files from the Web.
It supports HTTP(S), and FTP(S) protocols, as well as retrieval through HTTP

This version fixes CVE-2017-13089 and CVE-2017-13090.
The vulnerabilities were found by Antti Levomäki, Christian Jalio, and Joonas 
Pihlaja from Forcepoint.
Thanks go to the Finnish National Cyber Security Centre for coordination.
More info at

This version also introduces Content-Encoding 'gzip' and
several bugs fixes and many smaller improvements.

Many thanks go to all the contributors and list activists !

Contributors (from the git log):
Adam Sampson
Anton Yuzhaninov                                                                
Antti Levomäki, Christian Jalio, Joonas Pihlaja from Forcepoint                 
Benjamin Esham                                                                  
Christof Horschitz
Darshit Shah
Deian Stefan, Atyansh Jaiswal, Jonathan Luck
Gisle Vanem
Josef Moellers
Juhani Eronen from Finnish National Cyber Security Centre
Ludovic Courtès 
Mike Frysinger
Mojca Miklavec
Noël Köthe
Orange Tsai
Tim Landscheidt
Tim Rühsen
Tim Schlueter
Tomas Hozza
Vijo Cherian
YX Hao

The new version is available for download here:

and the GPG detached signatures using the key 0x08302DB6A2670428:

To reduce load on the main server, you can use this redirector service
which automatically redirects you to a mirror:

Noteworthy changes:

* Fix CVE-2017-13089 (Stack overflow in HTTP protocol handling)

* Fix CVE-2017-13090 (Heap overflow in HTTP protocol handling)

* New option --compression for gzip Content-Encoding

* New option --[no]-netrc to control .netrc parsing

* Added GNU extensions to .netrc parsing

* Improved IDNA 2003 compatibility

* Fix VPATH issues

* Improved and extended the test suite

* Support Wayback Machine's X-Archive-Orig-last-modified

* Several bug fixes

Please report any problem you may experience to the address@hidden
mailing list.

For the maintainers of Wget,
Tim Rühsen

Attachment: signature.asc
Description: This is a digitally signed message part.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]