-
Mon Nov 23 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-14.el8_3.1
- do not crash when HTTPS_PROXY and NO_PROXY are used together (#1873327)
-
Tue Jul 28 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-14
- avoid overwriting a local file with -J (CVE-2020-8177)
-
Wed Jul 15 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-13
- load built-in openssl engines (#1854369)
-
Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-12
- double free due to subsequent call of realloc() (CVE-2019-5481)
- fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)
- fix TFTP receive buffer overflow (CVE-2019-5436)
-
Mon May 13 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-11
- rebuild with updated annobin to prevent Execshield RPMDiff check from failing
-
Fri May 10 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-10
- fix SMTP end-of-response out-of-bounds read (CVE-2019-3823)
- fix NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)
- fix NTLM type-2 out-of-bounds buffer read (CVE-2018-16890)
- xattr: strip credentials from any URL that is stored (CVE-2018-20483)
-
Mon Feb 18 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-9
- do not let libssh create a new socket for SCP/SFTP (#1669156)
-
Fri Jan 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-8
- curl -J: do not append to the destination file (#1660827)
-
Thu Nov 15 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-7
- make the patch for CVE-2018-16842 apply properly (CVE-2018-16842)
-
Mon Nov 05 2018 Kamil Dudka <kdudka@redhat.com> - 7.61.1-6
- SASL password overflow via integer overflow (CVE-2018-16839)
- fix use-after-free in handle close (CVE-2018-16840)
- fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)