-
Wed Mar 06 2024 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-29
- rebuild for 9.4 GA
-
Tue Oct 10 2023 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-28
- return error if hostname too long for remote resolve (CVE-2023-38545)
- fix cookie injection with none file (CVE-2023-38546)
- cap SFTP packet size sent (RHEL-14697)
- lowercase the domain names before PSL checks (CVE-2023-46218)
-
Tue Sep 12 2023 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-27
- when keyboard-interactive auth fails, try password (#2229800)
-
Mon Jun 12 2023 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-26
- unify the upload/method handling (CVE-2023-28322)
- fix host name wildcard checking (CVE-2023-28321)
-
Wed Apr 12 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-25
- adapt the fix of CVE-2023-27535 for RHEL 9 curl
-
Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-24
- fix SSH connection too eager reuse still (CVE-2023-27538)
- fix GSS delegation too eager connection re-use (CVE-2023-27536)
- fix FTP too eager connection reuse (CVE-2023-27535)
- fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
- fix TELNET option IAC injection (CVE-2023-27533)
-
Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-23
- fix HTTP multi-header compression denial of service (CVE-2023-23916)
-
Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-22
- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
-
Wed Oct 26 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-21
- fix POST following PUT confusion (CVE-2022-32221)
-
Fri Sep 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-20
- control code in cookie denial of service (CVE-2022-35252)