Jacek Migacz
81fc40841c
Rebase to version 8.9.1
...
Resolves: RHEL-50806
2024-08-01 13:02:11 +02:00
Jan Macku
98780da3f8
new upstream release - 8.6.0
...
Resolves: CVE-2024-0853 - OCSP verification bypass with TLS session reuse
2024-02-01 15:11:39 +01:00
Jan Macku
7d149f66f5
new upstream release - 8.5.0
...
Resolves: CVE-2023-46218 - cookie mixed case PSL bypass
Resolves: CVE-2023-46219 - HSTS long file name clears contents
2023-12-06 12:29:18 +01:00
Jan Macku
cb17cbc66a
new upstream release - 8.4.0
...
Resolves: CVE-2023-38545 - SOCKS5 heap buffer overflow
Resolves: CVE-2023-38546 - cookie injection with none file
2023-10-11 15:36:19 +02:00
Jan Macku
dd8c36f3ea
new upstream release - 8.3.0
...
Resolves: CVE-2023-38039 - HTTP headers eat all memory
2023-09-13 10:33:22 +02:00
Lukáš Zaoral
b64627ff52
new upstream release - 8.2.1
...
Resolves: rhbz#2226659
2023-07-26 12:40:15 +02:00
Jan Macku
de1364bf2c
new upstream release - 8.2.0
...
Resolves: CVE-2023-32001 - fopen race condition
2023-07-19 13:44:49 +02:00
Jan Macku
f91221e9d7
new upstream release - 8.1.2
...
Resolves : #2210976
2023-05-30 10:05:35 +02:00
Jan Macku
d31965bf5b
new upstream release - 8.1.1
...
Resolves : #2209217
2023-05-23 10:07:28 +02:00
Kamil Dudka
c0b70e927f
new upstream release - 8.1.0
...
Resolves: CVE-2023-28321 - IDN wildcard match
Resolves: CVE-2023-28322 - more POST-after-PUT confusion
2023-05-17 09:42:41 +02:00
Kamil Dudka
c96705f9dc
new upstream release - 8.0.1
2023-03-20 15:56:09 +01:00
Kamil Dudka
7b0a4d3dfc
new upstream release - 8.0.0
...
Resolves: CVE-2023-27538 - SSH connection too eager reuse still
Resolves: CVE-2023-27537 - HSTS double-free
Resolves: CVE-2023-27536 - GSS delegation too eager connection re-use
Resolves: CVE-2023-27535 - FTP too eager connection reuse
Resolves: CVE-2023-27534 - SFTP path ~ resolving discrepancy
Resolves: CVE-2023-27533 - TELNET option IAC injection
2023-03-20 13:46:30 +01:00
Kamil Dudka
d5c1163ef3
new upstream release - 7.88.1
2023-02-20 14:42:32 +01:00
Kamil Dudka
98c91c9f34
new upstream release - 7.88.0
...
Resolves: CVE-2023-23916 - HTTP multi-header compression denial of service
Resolves: CVE-2023-23915 - HSTS amnesia with --parallel
Resolves: CVE-2023-23914 - HSTS ignored on multiple requests
2023-02-15 10:06:24 +01:00
Kamil Dudka
60cc0c5574
new upstream release - 7.87.0
...
Resolves: CVE-2022-43552 - HTTP Proxy deny use-after-free
Resolves: CVE-2022-43551 - Another HSTS bypass via IDN
2022-12-21 13:51:32 +01:00
Kamil Dudka
3501daee0b
new upstream release - 7.86.0
...
Resolves: CVE-2022-42916 - HSTS bypass via IDN
Resolves: CVE-2022-42915 - HTTP proxy double-free
Resolves: CVE-2022-35260 - .netrc parser out-of-bounds access
Resolves: CVE-2022-32221 - POST following PUT confusion
2022-10-26 14:27:26 +02:00
Kamil Dudka
1322e86ddb
new upstream release - 7.85.0
...
Resolves: CVE-2022-35252 - control code in cookie denial of service
2022-09-01 14:13:21 +02:00
Kamil Dudka
a4ed273b19
new upstream release - 7.84.0
...
Resolves: CVE-2022-32207 - Unpreserved file permissions
Resolves: CVE-2022-32205 - Set-Cookie denial of service
Resolves: CVE-2022-32206 - HTTP compression denial of service
Resolves: CVE-2022-32208 - FTP-KRB bad message verification
2022-06-27 13:00:50 +02:00
Kamil Dudka
4ad1229e9d
new upstream release - 7.83.1
...
Resolves: CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
Resolves: CVE-2022-27779 - do not accept cookies for TLD with trailing dot
Resolves: CVE-2022-27778 - do not remove wrong file on error
Resolves: CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names
Resolves: CVE-2022-27780 - reject percent-encoded path separator in URL host
2022-05-11 10:03:28 +02:00
Kamil Dudka
f17162c526
new upstream release - 7.83.0
...
Resolves: CVE-2022-27774 - curl credential leak on redirect
Resolves: CVE-2022-27776 - curl auth/cookie leak on redirect
Resolves: CVE-2022-27775 - curl bad local IPv6 connection reuse
Resolves: CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use
2022-04-27 13:52:54 +02:00
Kamil Dudka
4f4da0817d
new upstream release - 7.82.0
2022-03-05 11:17:52 +01:00
Kamil Dudka
3e801a6f9f
new upstream release - 7.81.0
2022-01-05 09:35:58 +01:00
Kamil Dudka
ef0743b641
new upstream release - 7.80.0
2021-11-10 09:03:50 +01:00
Kamil Dudka
407e3960e4
new upstream release - 7.79.1
2021-09-22 09:16:36 +02:00
Kamil Dudka
d02617d325
new upstream release - 7.79.0
...
Resolves: CVE-2021-22947 - STARTTLS protocol injection via MITM
Resolves: CVE-2021-22946 - protocol downgrade required TLS bypassed
Resolves: CVE-2021-22945 - use-after-free and double-free in MQTT sending
2021-09-15 09:09:11 +02:00
Kamil Dudka
64bcb4bcc1
new upstream release - 7.78.0
...
Resolves: CVE-2021-22925 - TELNET stack contents disclosure again
Resolves: CVE-2021-22924 - bad connection reuse due to flawed path name checks
Resolves: CVE-2021-22923 - metalink download sends credentials
Resolves: CVE-2021-22922 - wrong content via metalink not discarded
2021-07-21 10:22:33 +02:00
Kamil Dudka
4c89d92ee7
new upstream release - 7.77.0
...
Resolves: CVE-2021-22901 - TLS session caching disaster
Resolves: CVE-2021-22898 - TELNET stack contents disclosure
2021-05-26 09:20:35 +02:00
Kamil Dudka
bf8bb4b5b4
new upstream release - 7.76.1
2021-04-14 09:54:33 +02:00
Kamil Dudka
a0d250c162
new upstream release - 7.76.0
...
Resolves: CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
Resolves: CVE-2021-22876 - Automatic referer leaks credentials
2021-03-31 10:47:25 +02:00
Kamil Dudka
7dada590f2
new upstream release - 7.75.0
2021-02-03 09:07:33 +01:00
Kamil Dudka
c829072f9f
new upstream release - 7.74.0
...
Resolves: CVE-2020-8286 - curl: Inferior OCSP verification
Resolves: CVE-2020-8285 - libcurl: FTP wildcard stack overflow
Resolves: CVE-2020-8284 - curl: trusting FTP PASV responses
2020-12-09 11:13:15 +01:00
Kamil Dudka
a15dd89aaa
new upstream release - 7.73.0
2020-10-14 10:31:57 +02:00
Kamil Dudka
e7a12a6b7b
new upstream release - 7.72.0
...
Resolves: CVE-2020-8231 - libcurl: wrong connect-only connection
2020-08-19 12:29:51 +02:00
Kamil Dudka
6071e0dd16
new upstream release - 7.71.1
2020-07-01 09:26:44 +02:00
Kamil Dudka
8c661bb9d7
new upstream release - 7.71.0
...
Resolves: CVE-2020-8169 - curl: Partial password leak over DNS on HTTP redirect
Resolves: CVE-2020-8177 - curl: overwrite local file with -J
2020-06-24 10:03:56 +02:00
Kamil Dudka
c88a6aff30
new upstream release - 7.70.0
2020-04-29 14:59:25 +02:00
Kamil Dudka
ac5c236f18
new upstream release - 7.69.1
2020-03-11 10:23:53 +01:00
Kamil Dudka
249d0aea51
new upstream release - 7.69.0
2020-03-04 11:41:43 +01:00
Kamil Dudka
dfb411a0a2
new upstream release - 7.68.0
2020-01-08 09:52:29 +01:00
Kamil Dudka
c667b141d6
new upstream release - 7.67.0
2019-11-06 09:26:57 +01:00
Kamil Dudka
da9af16256
new upstream release - 7.66.0
...
Resolves: CVE-2019-5481 - double free due to subsequent call of realloc()
Resolves: CVE-2019-5482 - heap buffer overflow in function tftp_receive_packet()
2019-09-12 15:20:21 +02:00
Paul Howarth
a5c984a590
new upstream release - 7.65.3
2019-07-20 12:02:57 +01:00
Kamil Dudka
6e794d5beb
new upstream release - 7.65.2
2019-07-17 10:34:24 +02:00
Kamil Dudka
901da63160
new upstream release - 7.65.1
2019-06-05 09:33:30 +02:00
Kamil Dudka
3c7950da77
new upstream release - 7.65.0
...
Resolves: CVE-2019-5436 - TFTP receive buffer overflow
Resolves: CVE-2019-5435 - integer overflows in curl_url_set()
2019-05-22 10:42:26 +02:00
Kamil Dudka
bbad3e0a62
new upstream release - 7.64.1
2019-03-27 12:45:46 +01:00
Kamil Dudka
2bdb624139
new upstream release - 7.64.0
...
Resolves: CVE-2019-3823 - SMTP end-of-response out-of-bounds read
Resolves: CVE-2019-3822 - NTLMv2 type-3 header stack buffer overflow
Resolves: CVE-2018-16890 - NTLM type-2 out-of-bounds buffer read
2019-02-06 09:56:05 +01:00
Kamil Dudka
a94ce82de0
new upstream release - 7.63.0
2018-12-12 09:51:10 +01:00
Kamil Dudka
34a4d8f848
new upstream release - 7.62.0
...
Resolves: CVE-2018-16839 - SASL password overflow via integer overflow
Resolves: CVE-2018-16840 - use-after-free in handle close
Resolves: CVE-2018-16842 - warning message out-of-buffer read
2018-10-31 12:47:56 +01:00
Kamil Dudka
20b63790e4
new upstream release - 7.61.1
...
Resolves: CVE-2018-14618 - NTLM password overflow via integer overflow
2018-09-05 10:03:29 +02:00