Changelog for
libcurl-minimal-7.76.1-29.el9_4.i686.rpm :
* Wed Mar 06 2024 Jacek Migacz
- 7.76.1-29- rebuild for 9.4 GA
* Tue Oct 10 2023 Jacek Migacz - 7.76.1-28- return error if hostname too long for remote resolve (CVE-2023-38545)- fix cookie injection with none file (CVE-2023-38546)- cap SFTP packet size sent (RHEL-14697)- lowercase the domain names before PSL checks (CVE-2023-46218)
* Tue Sep 12 2023 Jacek Migacz - 7.76.1-27- when keyboard-interactive auth fails, try password (#2229800)
* Mon Jun 12 2023 Jacek Migacz - 7.76.1-26- unify the upload/method handling (CVE-2023-28322)- fix host name wildcard checking (CVE-2023-28321)
* Wed Apr 12 2023 Kamil Dudka - 7.76.1-25- adapt the fix of CVE-2023-27535 for RHEL 9 curl
* Fri Mar 24 2023 Kamil Dudka - 7.76.1-24- fix SSH connection too eager reuse still (CVE-2023-27538)- fix GSS delegation too eager connection re-use (CVE-2023-27536)- fix FTP too eager connection reuse (CVE-2023-27535)- fix SFTP path ~ resolving discrepancy (CVE-2023-27534)- fix TELNET option IAC injection (CVE-2023-27533)
* Wed Feb 15 2023 Kamil Dudka - 7.76.1-23- fix HTTP multi-header compression denial of service (CVE-2023-23916)
* Wed Dec 21 2022 Kamil Dudka - 7.76.1-22- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
* Wed Oct 26 2022 Kamil Dudka - 7.76.1-21- fix POST following PUT confusion (CVE-2022-32221)
* Fri Sep 02 2022 Kamil Dudka - 7.76.1-20- control code in cookie denial of service (CVE-2022-35252)
* Wed Jun 29 2022 Kamil Dudka - 7.76.1-19- fix unpreserved file permissions (CVE-2022-32207)- fix HTTP compression denial of service (CVE-2022-32206)- fix FTP-KRB bad message verification (CVE-2022-32208)
* Wed May 11 2022 Kamil Dudka - 7.76.1-18- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
* Mon May 02 2022 Kamil Dudka - 7.76.1-17- fix leak of SRP credentials in redirects (CVE-2022-27774)
* Fri Apr 29 2022 Kamil Dudka - 7.76.1-16- add missing tests to Makefile
* Thu Apr 28 2022 Kamil Dudka - 7.76.1-15- fix credential leak on redirect (CVE-2022-27774)- fix auth/cookie leak on redirect (CVE-2022-27776)- fix bad local IPv6 connection reuse (CVE-2022-27775)- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)