{"id":"MGASA-2016-0323","summary":"Updated wget packages fix security vulnerability","details":"GNU wget before 1.18 allows remote servers to write to arbitrary files by\nredirecting a request from HTTP to a crafted FTP resource (CVE-2016-4971).\n\nFixed a potential race condition by creating files with .tmp ext and\nmaking them accessible to the current user only (CVE-2016-7098).\n","modified":"2026-02-01T03:12:13.257721Z","published":"2016-09-28T05:59:24Z","related":["CVE-2016-4971","CVE-2016-7098"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0323.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18671"},{"type":"REPORT","url":"http://www.ubuntu.com/usn/usn-3012-1"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2016-09/msg00044.html"}],"affected":[{"package":{"name":"wget","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/wget?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.15-5.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0323.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}