ID | 48251 |
Package Name | curl |
Version | 7.76.1 |
Release | 23.el9sopt_901 |
Epoch | |
Source | git+https://gitlab.com/redhat/centos-stream/rpms/curl#27cd06402088d97fee559f5b33006d2f2a41c3d1 |
Summary |
Description |
Built by | tdawson |
State |
complete
|
Volume |
DEFAULT |
Started | Thu, 15 Jun 2023 01:22:09 UTC |
Completed | Thu, 15 Jun 2023 02:42:21 UTC |
Task | build (isa9s-packages-optimized-el9sopt, /redhat/centos-stream/rpms/curl:27cd06402088d97fee559f5b33006d2f2a41c3d1) |
Extra | {'source': {'original_url': 'git+https://gitlab.com/redhat/centos-stream/rpms/curl#27cd06402088d97fee559f5b33006d2f2a41c3d1'}} |
Tags |
|
RPMs |
src | |
|
curl-7.76.1-23.el9sopt_901.src.rpm (info) (download) |
x86_64 |
|
curl-7.76.1-23.el9sopt_901.x86_64.rpm (info) (download)
|
|
curl-minimal-7.76.1-23.el9sopt_901.x86_64.rpm (info) (download)
|
|
libcurl-7.76.1-23.el9sopt_901.x86_64.rpm (info) (download)
|
|
libcurl-devel-7.76.1-23.el9sopt_901.x86_64.rpm (info) (download)
|
|
libcurl-minimal-7.76.1-23.el9sopt_901.x86_64.rpm (info) (download)
|
|
curl-debuginfo-7.76.1-23.el9sopt_901.x86_64.rpm (info) (download)
|
|
curl-debugsource-7.76.1-23.el9sopt_901.x86_64.rpm (info) (download)
|
|
curl-minimal-debuginfo-7.76.1-23.el9sopt_901.x86_64.rpm (info) (download)
|
|
libcurl-debuginfo-7.76.1-23.el9sopt_901.x86_64.rpm (info) (download)
|
|
libcurl-minimal-debuginfo-7.76.1-23.el9sopt_901.x86_64.rpm (info) (download)
|
|
Logs |
|
Changelog |
* Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-23
- fix HTTP multi-header compression denial of service (CVE-2023-23916)
* Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-22
- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
* Wed Oct 26 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-21
- fix POST following PUT confusion (CVE-2022-32221)
* Fri Sep 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-20
- control code in cookie denial of service (CVE-2022-35252)
* Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-19
- fix unpreserved file permissions (CVE-2022-32207)
- fix HTTP compression denial of service (CVE-2022-32206)
- fix FTP-KRB bad message verification (CVE-2022-32208)
* Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-18
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
* Mon May 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-17
- fix leak of SRP credentials in redirects (CVE-2022-27774)
* Fri Apr 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-16
- add missing tests to Makefile
* Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-15
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix bad local IPv6 connection reuse (CVE-2022-27775)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
* Tue Oct 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-14
- re-disable HSTS in libcurl as an experimental feature (#2005874)
* Mon Oct 04 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-13
- disable more protocols and features in libcurl-minimal (#2005874)
* Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-12
- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)
- fix use-after-free and double-free in MQTT sending (CVE-2021-22945)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 7.76.1-11
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 28 2021 Florian Weimer <fweimer@redhat.com> - 7.76.1-10
- Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
* Fri Jul 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-9
- make explicit dependency on openssl work with alpha/beta builds of openssl
* Wed Jul 21 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-8
- fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
* Tue Jun 15 2021 Mohan Boddu <mboddu@redhat.com> - 7.76.1-6
- Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065
* Wed Jun 02 2021 Kamil Dudka <kdudka@redhat.com> - 7.77.0-5
- build the curl tool without metalink support (#1967213)
* Wed Jun 02 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-4
- fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925)
* Wed May 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-3
- fix TLS session caching disaster (CVE-2021-22901)
- fix TELNET stack contents disclosure (CVE-2021-22898)
* Mon May 03 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-2
- http2: fix resource leaks detected by Coverity
* Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-1
- new upstream release
* Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
CVE-2021-22876 - Automatic referer leaks credentials
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 7.75.0-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Mar 24 2021 Kamil Dudka <kdudka@redhat.com> - 7.75.0-3
- fix SIGSEGV upon disconnect of a ldaps:// transfer (#1941925)
* Tue Feb 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.75.0-2
- build-require python3-impacket only on Fedora
|