new upstream release - 7.83.1

Resolves: CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
Resolves: CVE-2022-27779 - do not accept cookies for TLD with trailing dot
Resolves: CVE-2022-27778 - do not remove wrong file on error
Resolves: CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names
Resolves: CVE-2022-27780 - reject percent-encoded path separator in URL host
This commit is contained in:
Kamil Dudka 2022-05-11 10:02:14 +02:00
parent f17162c526
commit 4ad1229e9d
2 changed files with 11 additions and 3 deletions

View File

@ -1,6 +1,6 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.83.0 Version: 7.83.1
Release: 1%{?dist} Release: 1%{?dist}
License: MIT License: MIT
Source0: https://curl.se/download/%{name}-%{version}.tar.xz Source0: https://curl.se/download/%{name}-%{version}.tar.xz
@ -411,6 +411,14 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog %changelog
* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.1-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
CVE-2022-27779 - do not accept cookies for TLD with trailing dot
CVE-2022-27778 - do not remove wrong file on error
CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names
CVE-2022-27780 - reject percent-encoded path separator in URL host
* Wed Apr 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.0-1 * Wed Apr 27 2022 Kamil Dudka <kdudka@redhat.com> - 7.83.0-1
- new upstream release, which fixes the following vulnerabilities - new upstream release, which fixes the following vulnerabilities
CVE-2022-27774 - curl credential leak on redirect CVE-2022-27774 - curl credential leak on redirect

View File

@ -1,2 +1,2 @@
SHA512 (curl-7.83.0.tar.xz) = be02bb2a8a3140eff3a9046f27cd4f872ed9ddaa644af49e56e5ef7dfec84a15b01db133469269437cddc937eda73953fa8c51bb758f7e98873822cd2290d3a9 SHA512 (curl-7.83.1.tar.xz) = 2f63327d6d3687ba36fb7b8d5d3d15599eca33ebfb08681613612ea9c4b629d3b6ce4d2742fa1ebd7a997ed332001d3a4c798985f9277c83b9e7a9aecdb1b1ee
SHA512 (curl-7.83.0.tar.xz.asc) = 8fb90f9692f4fdb82ea49f0e5151219b2334da5d3910f28e787bb688fb055b8b028ccf75cdcc15cd9f86d780d479f88f902fef7d7b9e007a4b849cb25c6c13cc SHA512 (curl-7.83.1.tar.xz.asc) = f0d29de315488c844eb81ed5a89ed6334910970224c8cac43e7e6f2d58c35ad0064c0b6122e69b3a34ce91f4b56873c63e2e8aea1c602ef40711bfd62a01b191