-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : wget Version : 1.13.4-3+deb7u4 CVE ID : CVE-2017-6508 Debian Bug : #857073
It was discovered that there was a header injection vulnerability in wget (a tool to retrieve files from the web) which allowed remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. For Debian 7 "Wheezy", this issue has been fixed in wget version 1.13.4-3+deb7u4. We recommend that you upgrade your wget packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAljBLt8ACgkQHpU+J9Qx Hli1HhAAk+WM8qYGqUg1n2NA7BTEFzDWZYSMkRZ0w1NIOHlyUuBo1iM8Kejb7IpR TqZ7PLrA+0FaUwHiloeBcIkkrvG8qorMPdVK3YazR1jr34Q0AJmp0mPc9ZFvFsNU WjnYQa4MoIatUV5+Q8a5VT9gt8c+7NoucsZtyvuYs2/8uJ9MXb0UNRgZ28QGxJNV SsMufjQotDgnNlbsRIc4xYkfsUUEOwDjlzLKYB55+5x1JfGhvMrNdzi5JTCbxhfl O6op/y8KAn8TY5l0IvmqvCLd2jUxrqusVaQ5LDgKCboZodcLNmh7El6JVgfvbHb6 ehz2MyMfik/aWmiv/eM0V/xRIS48SwFGKsU/lA2fdvCvK/uRvHazj8Yh0Hv5222e 1y00ZRgK9G0LxWf7SsfY6vB9wkI4psfiHJaZxRT8xukt4aYmwWCIcovPT8Hb67Cn 3Y9qNZElRpqtCIq8T4AO3U93Kj04K1LdDWOLKWRmlp9eUoGencZuEC67Q5Y3Om4n BeLDNiCscArMTAk3h7/gSbOzyqD6pTz777EZhzoJEIrlCOUibsxUvq1K7bgYNzfd eAaIS5AvoT5gOysXssAe2kBotqZ3lLILV0rJ6UVcDGXaOCDX/doDfTRnF/BP9uBD 7DIwiqw29XjxUp+znV/AsdTCjxw9IoiGKBz9GAFRCLrrBvxQQ94= =JUyW -----END PGP SIGNATURE-----