-
Tue Apr 02 2024 Alan Steinberg <alan.steinberg@oracle.com> - 7.61.1-33.5
- cap SFTP packet size sent (RHEL-5485)
- when keyboard-interactive auth fails, try password (#2229800)
- unify the upload/method handling (CVE-2023-28322)
- fix cookie injection with none file (CVE-2023-38546)
- lowercase the domain names before PSL checks (CVE-2023-46218)
-
Tue Jun 27 2023 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-33
- fix host name wildcard checking (CVE-2023-28321)
- rebuild certs with 2048-bit RSA keys
-
Thu Apr 20 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-32
- sftp: do not specify O_APPEND when not in append mode (#2187717)
-
Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-31
- fix GSS delegation too eager connection re-use (CVE-2023-27536)
- fix FTP too eager connection reuse (CVE-2023-27535)
-
Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30
- fix HTTP multi-header compression denial of service (CVE-2023-23916)
-
Tue Feb 07 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-29
- h2: lower initial window size to 32 MiB (#2166254)
-
Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-28
- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
-
Fri Nov 18 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-27
- upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337)
-
Fri Sep 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-26
- control code in cookie denial of service (CVE-2022-35252)
-
Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25
- setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
- fix HTTP compression denial of service (CVE-2022-32206)
- fix FTP-KRB bad message verification (CVE-2022-32208)