Changelog for libcurl-7.82.0-14.fc36.i686.rpm:
* Fri Mar 24 2023 Kamil Dudka - 7.82.0-14
- fix SSH connection too eager reuse still (CVE-2023-27538)
- fix GSS delegation too eager connection re-use (CVE-2023-27536)
- fix FTP too eager connection reuse (CVE-2023-27535)
- fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
- fix TELNET option IAC injection (CVE-2023-27533)
* Wed Feb 15 2023 Kamil Dudka - 7.82.0-13
- fix HTTP multi-header compression denial of service (CVE-2023-23916)
* Wed Dec 21 2022 Kamil Dudka - 7.82.0-12
- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
- http: use the IDN decoded name in HSTS checks (CVE-2022-43551)
* Thu Nov 24 2022 Kamil Dudka - 7.82.0-11
- enforce versioned libnghttp2 dependency for libcurl (#2144277)
* Mon Nov 21 2022 Kamil Dudka - 7.82.0-10
- http2: make nghttp2 less picky about field whitespace (#2144277)
* Wed Oct 26 2022 Kamil Dudka - 7.82.0-9
- url: use IDN decoded names for HSTS checks (CVE-2022-42916)
- http_proxy: restore the protocol pointer on error (CVE-2022-42915)
- netrc: replace fgets with Curl_get_line (CVE-2022-35260)
- fix POST following PUT confusion (CVE-2022-32221)
* Fri Sep 02 2022 Kamil Dudka - 7.82.0-8
- control code in cookie denial of service (CVE-2022-35252)
* Mon Jul 18 2022 Kamil Dudka - 7.82.0-7
- fix build failure with gnutls backend enabled
* Wed Jun 29 2022 Kamil Dudka - 7.82.0-6
- fix unpreserved file permissions (CVE-2022-32207)
- fix Set-Cookie denial of service (CVE-2022-32205)
- fix HTTP compression denial of service (CVE-2022-32206)
- fix FTP-KRB bad message verification (CVE-2022-32208)
* Wed May 11 2022 Kamil Dudka - 7.82.0-5
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
- do not accept cookies for TLD with trailing dot (CVE-2022-27779)
- hsts: ignore trailing dots when comparing hosts names (CVE-2022-30115)
- reject percent-encoded path separator in URL host (CVE-2022-27780)
* Mon May 02 2022 Kamil Dudka - 7.82.0-4
- fix leak of SRP credentials in redirects (CVE-2022-27774)
* Thu Apr 28 2022 Kamil Dudka - 7.82.0-3
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix bad local IPv6 connection reuse (CVE-2022-27775)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
* Tue Mar 15 2022 Kamil Dudka - 7.82.0-2
- openssl: fix incorrect CURLE_OUT_OF_MEMORY error on CN check failure
* Sat Mar 05 2022 Kamil Dudka - 7.82.0-1
- new upstream release
* Thu Jan 20 2022 Fedora Release Engineering - 7.81.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jan 05 2022 Kamil Dudka - 7.81.0-1
- new upstream release
* Sun Nov 14 2021 Paul Howarth - 7.80.0-2
- sshserver.pl (used in test suite) now requires the Digest::SHA perl module
* Wed Nov 10 2021 Kamil Dudka - 7.80.0-1
- new upstream release
* Tue Oct 26 2021 Kamil Dudka - 7.79.1-3
- re-enable HSTS in libcurl-minimal as a security feature (#2005874)
* Mon Oct 04 2021 Kamil Dudka - 7.79.1-2
- disable more protocols and features in libcurl-minimal (#2005874)
* Wed Sep 22 2021 Kamil Dudka - 7.79.1-1
- new upstream release
* Thu Sep 16 2021 Kamil Dudka - 7.79.0-4
- fix regression in http2 implementation introduced in the last release
* Thu Sep 16 2021 Sahana Prasad - 7.79.0-3
- Rebuilt with OpenSSL 3.0.0
* Thu Sep 16 2021 Kamil Dudka - 7.79.0-2
- make SCP/SFTP tests work with openssh-8.7p1
* Wed Sep 15 2021 Kamil Dudka - 7.79.0-1
- new upstream release, which fixes the following vulnerabilities
    CVE-2021-22947 - STARTTLS protocol injection via MITM
    CVE-2021-22946 - protocol downgrade required TLS bypassed
    CVE-2021-22945 - use-after-free and double-free in MQTT sending
* Tue Sep 14 2021 Sahana Prasad - 7.78.0-4
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Kamil Dudka - 7.78.0-3
- make explicit dependency on openssl work with alpha/beta builds of openssl
* Wed Jul 21 2021 Fedora Release Engineering - 7.78.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jul 21 2021 Kamil Dudka - 7.78.0-1
- new upstream release, which fixes the following vulnerabilities
    CVE-2021-22925 - TELNET stack contents disclosure again
    CVE-2021-22924 - bad connection reuse due to flawed path name checks
    CVE-2021-22923 - metalink download sends credentials
    CVE-2021-22922 - wrong content via metalink not discarded
* Wed Jun 02 2021 Kamil Dudka - 7.77.0-2
- build the curl tool without metalink support (#1967213)
* Wed May 26 2021 Kamil Dudka - 7.77.0-1
- new upstream release, which fixes the following vulnerabilities
    CVE-2021-22901 - TLS session caching disaster
    CVE-2021-22898 - TELNET stack contents disclosure
* Mon May 03 2021 Kamil Dudka - 7.76.1-2
- http2: fix resource leaks detected by Coverity
* Wed Apr 14 2021 Kamil Dudka - 7.76.1-1
- new upstream release
* Wed Mar 31 2021 Kamil Dudka - 7.76.0-1
- new upstream release, which fixes the following vulnerabilities
    CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
    CVE-2021-22876 - Automatic referer leaks credentials
* Wed Mar 24 2021 Kamil Dudka - 7.75.0-3
- fix SIGSEGV upon disconnect of a ldaps:// transfer