Commit Graph

150 Commits

Author SHA1 Message Date
Jacek Migacz
81fc40841c Rebase to version 8.9.1
Resolves: RHEL-50806
2024-08-01 13:02:11 +02:00
Jan Macku
98780da3f8 new upstream release - 8.6.0
Resolves: CVE-2024-0853 - OCSP verification bypass with TLS session reuse
2024-02-01 15:11:39 +01:00
Jan Macku
7d149f66f5 new upstream release - 8.5.0
Resolves: CVE-2023-46218 - cookie mixed case PSL bypass
Resolves: CVE-2023-46219 - HSTS long file name clears contents
2023-12-06 12:29:18 +01:00
Jan Macku
cb17cbc66a new upstream release - 8.4.0
Resolves: CVE-2023-38545 - SOCKS5 heap buffer overflow
Resolves: CVE-2023-38546 - cookie injection with none file
2023-10-11 15:36:19 +02:00
Jan Macku
dd8c36f3ea new upstream release - 8.3.0
Resolves: CVE-2023-38039 - HTTP headers eat all memory
2023-09-13 10:33:22 +02:00
Lukáš Zaoral
b64627ff52
new upstream release - 8.2.1
Resolves: rhbz#2226659
2023-07-26 12:40:15 +02:00
Jan Macku
de1364bf2c new upstream release - 8.2.0
Resolves: CVE-2023-32001 - fopen race condition
2023-07-19 13:44:49 +02:00
Jan Macku
f91221e9d7 new upstream release - 8.1.2
Resolves: #2210976
2023-05-30 10:05:35 +02:00
Jan Macku
d31965bf5b new upstream release - 8.1.1
Resolves: #2209217
2023-05-23 10:07:28 +02:00
Kamil Dudka
c0b70e927f new upstream release - 8.1.0
Resolves: CVE-2023-28321 - IDN wildcard match
Resolves: CVE-2023-28322 - more POST-after-PUT confusion
2023-05-17 09:42:41 +02:00
Kamil Dudka
c96705f9dc new upstream release - 8.0.1 2023-03-20 15:56:09 +01:00
Kamil Dudka
7b0a4d3dfc new upstream release - 8.0.0
Resolves: CVE-2023-27538 - SSH connection too eager reuse still
Resolves: CVE-2023-27537 - HSTS double-free
Resolves: CVE-2023-27536 - GSS delegation too eager connection re-use
Resolves: CVE-2023-27535 - FTP too eager connection reuse
Resolves: CVE-2023-27534 - SFTP path ~ resolving discrepancy
Resolves: CVE-2023-27533 - TELNET option IAC injection
2023-03-20 13:46:30 +01:00
Kamil Dudka
d5c1163ef3 new upstream release - 7.88.1 2023-02-20 14:42:32 +01:00
Kamil Dudka
98c91c9f34 new upstream release - 7.88.0
Resolves: CVE-2023-23916 - HTTP multi-header compression denial of service
Resolves: CVE-2023-23915 - HSTS amnesia with --parallel
Resolves: CVE-2023-23914 - HSTS ignored on multiple requests
2023-02-15 10:06:24 +01:00
Kamil Dudka
60cc0c5574 new upstream release - 7.87.0
Resolves: CVE-2022-43552 - HTTP Proxy deny use-after-free
Resolves: CVE-2022-43551 - Another HSTS bypass via IDN
2022-12-21 13:51:32 +01:00
Kamil Dudka
3501daee0b new upstream release - 7.86.0
Resolves: CVE-2022-42916 - HSTS bypass via IDN
Resolves: CVE-2022-42915 - HTTP proxy double-free
Resolves: CVE-2022-35260 - .netrc parser out-of-bounds access
Resolves: CVE-2022-32221 - POST following PUT confusion
2022-10-26 14:27:26 +02:00
Kamil Dudka
1322e86ddb new upstream release - 7.85.0
Resolves: CVE-2022-35252 - control code in cookie denial of service
2022-09-01 14:13:21 +02:00
Kamil Dudka
a4ed273b19 new upstream release - 7.84.0
Resolves: CVE-2022-32207 - Unpreserved file permissions
Resolves: CVE-2022-32205 - Set-Cookie denial of service
Resolves: CVE-2022-32206 - HTTP compression denial of service
Resolves: CVE-2022-32208 - FTP-KRB bad message verification
2022-06-27 13:00:50 +02:00
Kamil Dudka
4ad1229e9d new upstream release - 7.83.1
Resolves: CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
Resolves: CVE-2022-27779 - do not accept cookies for TLD with trailing dot
Resolves: CVE-2022-27778 - do not remove wrong file on error
Resolves: CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names
Resolves: CVE-2022-27780 - reject percent-encoded path separator in URL host
2022-05-11 10:03:28 +02:00
Kamil Dudka
f17162c526 new upstream release - 7.83.0
Resolves: CVE-2022-27774 - curl credential leak on redirect
Resolves: CVE-2022-27776 - curl auth/cookie leak on redirect
Resolves: CVE-2022-27775 - curl bad local IPv6 connection reuse
Resolves: CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use
2022-04-27 13:52:54 +02:00
Kamil Dudka
4f4da0817d new upstream release - 7.82.0 2022-03-05 11:17:52 +01:00
Kamil Dudka
3e801a6f9f new upstream release - 7.81.0 2022-01-05 09:35:58 +01:00
Kamil Dudka
ef0743b641 new upstream release - 7.80.0 2021-11-10 09:03:50 +01:00
Kamil Dudka
407e3960e4 new upstream release - 7.79.1 2021-09-22 09:16:36 +02:00
Kamil Dudka
d02617d325 new upstream release - 7.79.0
Resolves: CVE-2021-22947 - STARTTLS protocol injection via MITM
Resolves: CVE-2021-22946 - protocol downgrade required TLS bypassed
Resolves: CVE-2021-22945 - use-after-free and double-free in MQTT sending
2021-09-15 09:09:11 +02:00
Kamil Dudka
64bcb4bcc1 new upstream release - 7.78.0
Resolves: CVE-2021-22925 - TELNET stack contents disclosure again
Resolves: CVE-2021-22924 - bad connection reuse due to flawed path name checks
Resolves: CVE-2021-22923 - metalink download sends credentials
Resolves: CVE-2021-22922 - wrong content via metalink not discarded
2021-07-21 10:22:33 +02:00
Kamil Dudka
4c89d92ee7 new upstream release - 7.77.0
Resolves: CVE-2021-22901 - TLS session caching disaster
Resolves: CVE-2021-22898 - TELNET stack contents disclosure
2021-05-26 09:20:35 +02:00
Kamil Dudka
bf8bb4b5b4 new upstream release - 7.76.1 2021-04-14 09:54:33 +02:00
Kamil Dudka
a0d250c162 new upstream release - 7.76.0
Resolves: CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
Resolves: CVE-2021-22876 - Automatic referer leaks credentials
2021-03-31 10:47:25 +02:00
Kamil Dudka
7dada590f2 new upstream release - 7.75.0 2021-02-03 09:07:33 +01:00
Kamil Dudka
c829072f9f new upstream release - 7.74.0
Resolves: CVE-2020-8286 - curl: Inferior OCSP verification
Resolves: CVE-2020-8285 - libcurl: FTP wildcard stack overflow
Resolves: CVE-2020-8284 - curl: trusting FTP PASV responses
2020-12-09 11:13:15 +01:00
Kamil Dudka
a15dd89aaa new upstream release - 7.73.0 2020-10-14 10:31:57 +02:00
Kamil Dudka
e7a12a6b7b new upstream release - 7.72.0
Resolves: CVE-2020-8231 - libcurl: wrong connect-only connection
2020-08-19 12:29:51 +02:00
Kamil Dudka
6071e0dd16 new upstream release - 7.71.1 2020-07-01 09:26:44 +02:00
Kamil Dudka
8c661bb9d7 new upstream release - 7.71.0
Resolves: CVE-2020-8169 - curl: Partial password leak over DNS on HTTP redirect
Resolves: CVE-2020-8177 - curl: overwrite local file with -J
2020-06-24 10:03:56 +02:00
Kamil Dudka
c88a6aff30 new upstream release - 7.70.0 2020-04-29 14:59:25 +02:00
Kamil Dudka
ac5c236f18 new upstream release - 7.69.1 2020-03-11 10:23:53 +01:00
Kamil Dudka
249d0aea51 new upstream release - 7.69.0 2020-03-04 11:41:43 +01:00
Kamil Dudka
dfb411a0a2 new upstream release - 7.68.0 2020-01-08 09:52:29 +01:00
Kamil Dudka
c667b141d6 new upstream release - 7.67.0 2019-11-06 09:26:57 +01:00
Kamil Dudka
da9af16256 new upstream release - 7.66.0
Resolves: CVE-2019-5481 - double free due to subsequent call of realloc()
Resolves: CVE-2019-5482 - heap buffer overflow in function tftp_receive_packet()
2019-09-12 15:20:21 +02:00
Paul Howarth
a5c984a590 new upstream release - 7.65.3 2019-07-20 12:02:57 +01:00
Kamil Dudka
6e794d5beb new upstream release - 7.65.2 2019-07-17 10:34:24 +02:00
Kamil Dudka
901da63160 new upstream release - 7.65.1 2019-06-05 09:33:30 +02:00
Kamil Dudka
3c7950da77 new upstream release - 7.65.0
Resolves: CVE-2019-5436 - TFTP receive buffer overflow
Resolves: CVE-2019-5435 - integer overflows in curl_url_set()
2019-05-22 10:42:26 +02:00
Kamil Dudka
bbad3e0a62 new upstream release - 7.64.1 2019-03-27 12:45:46 +01:00
Kamil Dudka
2bdb624139 new upstream release - 7.64.0
Resolves: CVE-2019-3823 - SMTP end-of-response out-of-bounds read
Resolves: CVE-2019-3822 - NTLMv2 type-3 header stack buffer overflow
Resolves: CVE-2018-16890 - NTLM type-2 out-of-bounds buffer read
2019-02-06 09:56:05 +01:00
Kamil Dudka
a94ce82de0 new upstream release - 7.63.0 2018-12-12 09:51:10 +01:00
Kamil Dudka
34a4d8f848 new upstream release - 7.62.0
Resolves: CVE-2018-16839 - SASL password overflow via integer overflow
Resolves: CVE-2018-16840 - use-after-free in handle close
Resolves: CVE-2018-16842 - warning message out-of-buffer read
2018-10-31 12:47:56 +01:00
Kamil Dudka
20b63790e4 new upstream release - 7.61.1
Resolves: CVE-2018-14618 - NTLM password overflow via integer overflow
2018-09-05 10:03:29 +02:00