-
Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22.el8_6.3
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
-
Wed May 04 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22.el8_6.2
- fix invalid type in printf() argument detected by Coverity
-
Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22.el8_6.1
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
-
Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22
- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)
-
Thu Aug 05 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-21
- fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix TELNET stack contents disclosure (CVE-2021-22898)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
CVE-2021-22923 - metalink download sends credentials
CVE-2021-22922 - wrong content via metalink not discarded
-
Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-20
- fix a cppcheck's false positive in 0029-curl-7.61.1-CVE-2021-22876.patch
-
Fri Apr 23 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-19
- make `curl --head file://` work as expected (#1947493)
- prevent automatic referer from leaking credentials (CVE-2021-22876)
-
Thu Jan 28 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18
- http: send payload when (proxy) authentication is done (#1918692)
- curl: Inferior OCSP verification (CVE-2020-8286)
- libcurl: FTP wildcard stack overflow (CVE-2020-8285)
- curl: trusting FTP PASV responses (CVE-2020-8284)
-
Thu Nov 12 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-17
- validate an ssl connection using an intermediate certificate (#1895355)
-
Fri Nov 06 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-16
- fix multiarch conflicts in libcurl-minimal (#1895391)