{"affected":[{"ecosystem_specific":{"binaries":[{"libwget4":"2.2.1-bp160.1.1","wget2":"2.2.1-bp160.1.1","wget2-devel":"2.2.1-bp160.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"wget2","purl":"pkg:rpm/opensuse/wget2&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.1-bp160.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for wget2 fixes the following issues:\n\nChanges in wget2:\n\n- Update to release 2.2.1\n  * Fix file overwrite issue with metalink [CVE-2025-69194 bsc#1255728]\n  * Fix remote buffer overflow in get_local_filename_real()\n    [CVE-2025-69195 bsc#1255729]\n  * Fix a redirect/mirror regression from 400713ca\n  * Use the local system timestamp when requested via\n    --no-use-server-timestamps\n  * Prevent file truncation with --no-clobber\n  * Improve messages about why URLs are not being followed\n  * Fix metalink with -O/--output-document\n  * Fix sorting of metalink mirrors by priority\n  * Add --show-progress to improve backwards compatibility to wget\n  * Fix buffer overflow in wget_iri_clone() after\n    wget_iri_set_scheme()\n  * Allow 'no_' prefix in config options\n  * Use libnghttp2 for HTTP/2 testing\n  * Set exit status to 8 on 403 response code\n  * Fix convert-links\n  * Fix --server-response for HTTP/1.1\n\n- Update to release 2.2.0\n  * Don't truncate file when -c and -O are combined\n  * Don't log URI userinfo to logs\n  * Fix downloading multiple files via HTTP/2\n  * Support connecting with HTTP/1.0 proxies\n  * Ignore 1xx HTTP responses for HTTP/1.1\n  * Disable TCP Fast Open by default\n  * Fix segfault when OCSP response is missing\n  * Add libproxy support\n","id":"openSUSE-SU-2026:20038-1","modified":"2026-01-14T13:23:53Z","published":"2026-01-14T13:23:53Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1255728"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255729"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-69194"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-69195"}],"related":["CVE-2025-69194","CVE-2025-69195"],"summary":"Security update for wget2","upstream":["CVE-2025-69194","CVE-2025-69195"]}