| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libcurl | Distribution: Fedora Project |
| Version: 8.2.1 | Vendor: Fedora Project |
| Release: 3.fc39 | Build date: Wed Oct 11 17:44:11 2023 |
| Group: Unspecified | Build host: buildvm-x86-09.iad2.fedoraproject.org |
| Size: 771172 | Source RPM: curl-8.2.1-3.fc39.src.rpm |
| Packager: Fedora Project | |
| Url: https://curl.se/ | |
| Summary: A library for getting files from web servers | |
libcurl is a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer resume, http proxy tunneling and more.
curl
* Wed Oct 11 2023 Jan Macku <[email protected]> - 8.2.1-3
- fix cookie injection with none file (CVE-2023-38546)
- fix SOCKS5 heap buffer overflow (CVE-2023-38545)
* Wed Sep 13 2023 Jan Macku <[email protected]> - 8.2.1-2
- fix HTTP headers eat all memory (CVE-2023-38039)
* Wed Jul 26 2023 Lukáš Zaoral <[email protected]> - 8.2.1-1
- new upstream release (rhbz#2226659)
* Wed Jul 19 2023 Jan Macku <[email protected]> - 8.2.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2023-32001 - fopen race condition
* Tue May 30 2023 Jan Macku <[email protected]> - 8.1.2-1
- new upstream release, with small bugfixes and improvements
* Tue May 23 2023 Jan Macku <[email protected]> - 8.1.1-1
- new upstream release, with small bugfixes and improvements
* Wed May 17 2023 Kamil Dudka <[email protected]> - 8.1.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2023-28321 - IDN wildcard match
CVE-2023-28322 - more POST-after-PUT confusion
* Fri Apr 21 2023 Kamil Dudka <[email protected]> - 8.0.1-3
- tests: re-enable temporarily disabled test-cases
- tests: attempt to fix a conflict on port numbers
- apply patches automatically
* Tue Mar 21 2023 Lukáš Zaoral <[email protected]> - 8.0.1-2
- migrated to SPDX license
* Mon Mar 20 2023 Kamil Dudka <[email protected]> - 8.0.1-1
- new upstream release
* Mon Mar 20 2023 Kamil Dudka <[email protected]> - 8.0.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2023-27538 - SSH connection too eager reuse still
CVE-2023-27537 - HSTS double-free
CVE-2023-27536 - GSS delegation too eager connection re-use
CVE-2023-27535 - FTP too eager connection reuse
CVE-2023-27534 - SFTP path ~ resolving discrepancy
CVE-2023-27533 - TELNET option IAC injection
* Mon Feb 20 2023 Kamil Dudka <[email protected]> - 7.88.1-1
- new upstream release
* Fri Feb 17 2023 Kamil Dudka <[email protected]> - 7.88.0-2
- http2: set drain on stream end
* Wed Feb 15 2023 Kamil Dudka <[email protected]> - 7.88.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2023-23916 - HTTP multi-header compression denial of service
CVE-2023-23915 - HSTS amnesia with --parallel
CVE-2023-23914 - HSTS ignored on multiple requests
* Fri Jan 20 2023 Kamil Dudka <[email protected]> - 7.87.0-4
- fix regression in a public header file (#2162716)
* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> - 7.87.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jan 11 2023 Kamil Dudka <[email protected]> - 7.87.0-2
- test3012: temporarily disable valgrind (#2143040)
* Wed Dec 21 2022 Kamil Dudka <[email protected]> - 7.87.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-43552 - HTTP Proxy deny use-after-free
CVE-2022-43551 - Another HSTS bypass via IDN
* Tue Nov 29 2022 Kamil Dudka <[email protected]> - 7.86.0-4
- noproxy: tailmatch like in 7.85.0 and earlier (#2149224)
* Thu Nov 24 2022 Kamil Dudka <[email protected]> - 7.86.0-3
- enforce versioned libnghttp2 dependency for libcurl (#2144277)
* Mon Oct 31 2022 Kamil Dudka <[email protected]> - 7.86.0-2
- fix regression in noproxy matching
* Wed Oct 26 2022 Kamil Dudka <[email protected]> - 7.86.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-42916 - HSTS bypass via IDN
CVE-2022-42915 - HTTP proxy double-free
CVE-2022-35260 - .netrc parser out-of-bounds access
CVE-2022-32221 - POST following PUT confusion
* Thu Sep 01 2022 Kamil Dudka <[email protected]> - 7.85.0-1
- new upstream release, which fixes the following vulnerability
CVE-2022-35252 - control code in cookie denial of service
* Thu Aug 25 2022 Kamil Dudka <[email protected]> - 7.84.0-3
- tests: fix http2 tests to use CRLF headers to make it work with nghttp2-1.49.0
* Wed Jul 20 2022 Fedora Release Engineering <[email protected]> - 7.84.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 27 2022 Kamil Dudka <[email protected]> - 7.84.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-32207 - Unpreserved file permissions
CVE-2022-32205 - Set-Cookie denial of service
CVE-2022-32206 - HTTP compression denial of service
CVE-2022-32208 - FTP-KRB bad message verification
* Wed May 11 2022 Kamil Dudka <[email protected]> - 7.83.1-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
CVE-2022-27779 - do not accept cookies for TLD with trailing dot
CVE-2022-27778 - do not remove wrong file on error
CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names
CVE-2022-27780 - reject percent-encoded path separator in URL host
* Wed Apr 27 2022 Kamil Dudka <[email protected]> - 7.83.0-1
- new upstream release, which fixes the following vulnerabilities
CVE-2022-27774 - curl credential leak on redirect
CVE-2022-27776 - curl auth/cookie leak on redirect
CVE-2022-27775 - curl bad local IPv6 connection reuse
CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use
* Tue Mar 15 2022 Kamil Dudka <[email protected]> - 7.82.0-2
- openssl: fix incorrect CURLE_OUT_OF_MEMORY error on CN check failure
* Sat Mar 05 2022 Kamil Dudka <[email protected]> - 7.82.0-1
- new upstream release
* Thu Feb 24 2022 Kamil Dudka <[email protected]> - 7.81.0-4
- enable IDN support also in libcurl-minimal
* Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek <[email protected]> - 7.81.0-3
- Suggest libcurl-minimal in curl-minimal
* Thu Jan 20 2022 Fedora Release Engineering <[email protected]> - 7.81.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jan 05 2022 Kamil Dudka <[email protected]> - 7.81.0-1
- new upstream release
* Sun Nov 14 2021 Paul Howarth <[email protected]> - 7.80.0-2
- sshserver.pl (used in test suite) now requires the Digest::SHA perl module
* Wed Nov 10 2021 Kamil Dudka <[email protected]> - 7.80.0-1
- new upstream release
* Tue Oct 26 2021 Kamil Dudka <[email protected]> - 7.79.1-3
- re-enable HSTS in libcurl-minimal as a security feature (#2005874)
/usr/lib/.build-id /usr/lib/.build-id/f3 /usr/lib/.build-id/f3/afb331eb42cd82596589ceed1f2cf3162854fe /usr/lib/libcurl.so.4 /usr/lib/libcurl.so.4.8.0 /usr/share/licenses/libcurl /usr/share/licenses/libcurl/COPYING
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 21:55:09 2024