wget (1.19.1-3ubuntu1.1) artful-security; urgency=medium

  * SECURITY UPDATE: stack overflow in HTTP protocol handling
    - debian/patches/CVE-2017-13089.patch: return error on negative chunk
      size in src/http.c.
    - CVE-2017-13089
  * SECURITY UPDATE: heap overflow in HTTP protocol handling
    - debian/patches/CVE-2017-13090.patch: stop processing on negative
      chunk size in src/retr.c.
    - CVE-2017-13090

 -- Marc Deslauriers <email address hidden>  Mon, 23 Oct 2017 15:17:58 -0400

Marc Deslauriers
Ubuntu Developers
Medium Urgency

wget_1.19.1.orig.tar.xz 2.0 MiB 0c950b9671881222a4d385b013c9604e98a8025d1988529dfca0e93617744cd2
wget_1.19.1-3ubuntu1.1.debian.tar.xz 23.1 KiB fd7fb38c8ca7c6e2153b882e755887c154272529fddd353d3347a9d553418c81
wget_1.19.1-3ubuntu1.1.dsc 1.9 KiB ab4454ddc43064a4557622e2d65e886ea8af3a7c345d5434ed5d9050802cd1f6

wget: retrieves files from the web

 Wget is a network utility to retrieve files from the web
 using HTTP(S) and FTP, the two most widely used internet
 protocols. It works non-interactively, so it will work in
 the background, after having logged off. The program supports
 recursive retrieval of web-authoring pages as well as FTP
 sites -- you can use Wget to make mirrors of archives and
 home pages or to travel the web like a WWW robot.
 Wget works particularly well with slow or unstable connections
 by continuing to retrieve a document until the document is fully
 downloaded. Re-getting files from where it left off works on
 servers (both HTTP and FTP) that support it. Both HTTP and FTP
 retrievals can be time stamped, so Wget can see if the remote
 file has changed since the last retrieval and automatically
 retrieve the new version if it has.
 Wget supports proxy servers; this can lighten the network load,
 speed up retrieval, and provide access behind firewalls.

wget-udeb: retrieves files from the web

 This package provides wget.gnu binary as alternative to the limited
 implementation in busybox (see for example ssl support).