[ol9_baseos_latest] curl-minimal-7.76.1-19.el9_1.2.x86_64

This is a replacement of the 'curl' package for minimal installations.  It
comes with a limited set of features compared to the 'curl' package.  On the
other hand, the package is smaller and requires fewer run-time dependencies to
be installed.

Changelog (Show File list) (Show related packages)

• Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-19.el9_1.2

  - fix HTTP multi-header compression denial of service (CVE-2023-23916)

• Wed Oct 26 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-19.el9_1.1

  - fix POST following PUT confusion (CVE-2022-32221)

• Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-19

  - fix unpreserved file permissions (CVE-2022-32207)
  - fix HTTP compression denial of service (CVE-2022-32206)
  - fix FTP-KRB bad message verification (CVE-2022-32208)

• Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-18

  - fix too eager reuse of TLS and SSH connections (CVE-2022-27782)

• Mon May 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-17

  - fix leak of SRP credentials in redirects (CVE-2022-27774)

• Fri Apr 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-16

  - add missing tests to Makefile

• Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-15

  - fix credential leak on redirect (CVE-2022-27774)
  - fix auth/cookie leak on redirect (CVE-2022-27776)
  - fix bad local IPv6 connection reuse (CVE-2022-27775)
  - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

• Tue Oct 26 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-14

  - re-disable HSTS in libcurl as an experimental feature (#2005874)

• Mon Oct 04 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-13

  - disable more protocols and features in libcurl-minimal (#2005874)

• Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.76.1-12

  - fix STARTTLS protocol injection via MITM (CVE-2021-22947)
  - fix protocol downgrade required TLS bypass (CVE-2021-22946)
  - fix use-after-free and double-free in MQTT sending (CVE-2021-22945)