-
Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18.el8_4.2
- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)
-
Thu Aug 05 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18.el8_4.1
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
    CVE-2021-22923 - metalink download sends credentials
    CVE-2021-22922 - wrong content via metalink not discarded
-
Thu Jan 28 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18
- http: send payload when (proxy) authentication is done (#1918692)
- curl: Inferior OCSP verification (CVE-2020-8286)
- libcurl: FTP wildcard stack overflow (CVE-2020-8285)
- curl: trusting FTP PASV responses (CVE-2020-8284)
-
Thu Nov 12 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-17
- validate an ssl connection using an intermediate certificate (#1895355)
-
Fri Nov 06 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-16
- fix multiarch conflicts in libcurl-minimal (#1895391)
-
Tue Nov 03 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-15
- do not crash when HTTPS_PROXY and NO_PROXY are used together (#1873327)
- libcurl: wrong connect-only connection (CVE-2020-8231)
-
Tue Jul 28 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-14
- avoid overwriting a local file with -J (CVE-2020-8177)
-
Wed Jul 15 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-13
- load built-in openssl engines (#1854369)
-
Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-12
- double free due to subsequent call of realloc() (CVE-2019-5481)
- fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)
- fix TFTP receive buffer overflow (CVE-2019-5436)
-
Mon May 13 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-11
- rebuild with updated annobin to prevent Execshield RPMDiff check from failing