Ubuntu Security Notice 982-1 – It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrary code.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/93459/USN-982-1.txt
Source: https://packetstormsecurity.com/files/93459/Ubuntu-Security-Notice-982-1.html