[ol8_baseos_latest] libcurl-minimal-7.61.1-30.el8_8.2.x86_64

This is a replacement of the 'libcurl' package for minimal installations.  It
comes with a limited set of features compared to the 'libcurl' package.  On the
other hand, the package is smaller and requires fewer run-time dependencies to
be installed.

Changelog (Show File list) (Show related packages)

• Thu Apr 20 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30.el8_8.2

  - sftp: do not specify O_APPEND when not in append mode (#2187717)

• Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30.el8_8.1

  - fix FTP too eager connection reuse (CVE-2023-27535)

• Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30

  - fix HTTP multi-header compression denial of service (CVE-2023-23916)

• Tue Feb 07 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-29

  - h2: lower initial window size to 32 MiB (#2166254)

• Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-28

  - smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)

• Fri Nov 18 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-27

  - upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337)

• Fri Sep 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-26

  - control code in cookie denial of service (CVE-2022-35252)

• Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25

  - setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
  - fix HTTP compression denial of service (CVE-2022-32206)
  - fix FTP-KRB bad message verification (CVE-2022-32208)

• Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-24

  - fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
  - fix invalid type in printf() argument detected by Coverity

• Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-23

  - fix credential leak on redirect (CVE-2022-27774)
  - fix auth/cookie leak on redirect (CVE-2022-27776)
  - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)