It was discovered that wget, a command line tool for downloading files from the WWW, uses server-provided file names when creating local files. This may lead to code execution in some scenarios. After this update, wget will ignore server-provided file names. You can restore the old behavior in cases where it is not desirable by invoking wget with the new --use-server-file-name option. For the stable distribution (lenny), this problem has been fixed in version 1.11.4-2+lenny2. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your wget package.
It was discovered that wget, a command line tool for downloading files from the WWW, uses server-provided file names when creating local files. This may lead to code execution in some scenarios.
After this update, wget will ignore server-provided file names. You can restore the old behavior in cases where it is not desirable by invoking wget with the new --use-server-file-name option.
For the stable distribution (lenny), this problem has been fixed in version 1.11.4-2+lenny2.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your wget package.
MD5 checksums of the listed files are available in the original advisory.