Kamil Dudka
1322e86ddb
new upstream release - 7.85.0
Resolves: CVE-2022-35252 - control code in cookie denial of service
2022-09-01 14:13:21 +02:00
Kamil Dudka
a4ed273b19
new upstream release - 7.84.0
Resolves: CVE-2022-32207 - Unpreserved file permissions
Resolves: CVE-2022-32205 - Set-Cookie denial of service
Resolves: CVE-2022-32206 - HTTP compression denial of service
Resolves: CVE-2022-32208 - FTP-KRB bad message verification
2022-06-27 13:00:50 +02:00
Kamil Dudka
4ad1229e9d
new upstream release - 7.83.1
Resolves: CVE-2022-27782 - fix too eager reuse of TLS and SSH connections
Resolves: CVE-2022-27779 - do not accept cookies for TLD with trailing dot
Resolves: CVE-2022-27778 - do not remove wrong file on error
Resolves: CVE-2022-30115 - hsts: ignore trailing dots when comparing hosts names
Resolves: CVE-2022-27780 - reject percent-encoded path separator in URL host
2022-05-11 10:03:28 +02:00
Kamil Dudka
f17162c526
new upstream release - 7.83.0
Resolves: CVE-2022-27774 - curl credential leak on redirect
Resolves: CVE-2022-27776 - curl auth/cookie leak on redirect
Resolves: CVE-2022-27775 - curl bad local IPv6 connection reuse
Resolves: CVE-2022-22576 - curl OAUTH2 bearer bypass in connection re-use
2022-04-27 13:52:54 +02:00
Kamil Dudka
4f4da0817d
new upstream release - 7.82.0
2022-03-05 11:17:52 +01:00
Kamil Dudka
3e801a6f9f
new upstream release - 7.81.0
2022-01-05 09:35:58 +01:00
Kamil Dudka
ef0743b641
new upstream release - 7.80.0
2021-11-10 09:03:50 +01:00
Kamil Dudka
407e3960e4
new upstream release - 7.79.1
2021-09-22 09:16:36 +02:00
Kamil Dudka
d02617d325
new upstream release - 7.79.0
Resolves: CVE-2021-22947 - STARTTLS protocol injection via MITM
Resolves: CVE-2021-22946 - protocol downgrade required TLS bypassed
Resolves: CVE-2021-22945 - use-after-free and double-free in MQTT sending
2021-09-15 09:09:11 +02:00
Kamil Dudka
64bcb4bcc1
new upstream release - 7.78.0
Resolves: CVE-2021-22925 - TELNET stack contents disclosure again
Resolves: CVE-2021-22924 - bad connection reuse due to flawed path name checks
Resolves: CVE-2021-22923 - metalink download sends credentials
Resolves: CVE-2021-22922 - wrong content via metalink not discarded
2021-07-21 10:22:33 +02:00
Kamil Dudka
4c89d92ee7
new upstream release - 7.77.0
Resolves: CVE-2021-22901 - TLS session caching disaster
Resolves: CVE-2021-22898 - TELNET stack contents disclosure
2021-05-26 09:20:35 +02:00
Kamil Dudka
bf8bb4b5b4
new upstream release - 7.76.1
2021-04-14 09:54:33 +02:00
Kamil Dudka
a0d250c162
new upstream release - 7.76.0
Resolves: CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
Resolves: CVE-2021-22876 - Automatic referer leaks credentials
2021-03-31 10:47:25 +02:00
Kamil Dudka
7dada590f2
new upstream release - 7.75.0
2021-02-03 09:07:33 +01:00
Kamil Dudka
c829072f9f
new upstream release - 7.74.0
Resolves: CVE-2020-8286 - curl: Inferior OCSP verification
Resolves: CVE-2020-8285 - libcurl: FTP wildcard stack overflow
Resolves: CVE-2020-8284 - curl: trusting FTP PASV responses
2020-12-09 11:13:15 +01:00
Kamil Dudka
a15dd89aaa
new upstream release - 7.73.0
2020-10-14 10:31:57 +02:00
Kamil Dudka
e7a12a6b7b
new upstream release - 7.72.0
Resolves: CVE-2020-8231 - libcurl: wrong connect-only connection
2020-08-19 12:29:51 +02:00
Kamil Dudka
6071e0dd16
new upstream release - 7.71.1
2020-07-01 09:26:44 +02:00
Kamil Dudka
8c661bb9d7
new upstream release - 7.71.0
Resolves: CVE-2020-8169 - curl: Partial password leak over DNS on HTTP redirect
Resolves: CVE-2020-8177 - curl: overwrite local file with -J
2020-06-24 10:03:56 +02:00
Kamil Dudka
c88a6aff30
new upstream release - 7.70.0
2020-04-29 14:59:25 +02:00
Kamil Dudka
ac5c236f18
new upstream release - 7.69.1
2020-03-11 10:23:53 +01:00
Kamil Dudka
249d0aea51
new upstream release - 7.69.0
2020-03-04 11:41:43 +01:00
Kamil Dudka
dfb411a0a2
new upstream release - 7.68.0
2020-01-08 09:52:29 +01:00
Kamil Dudka
c667b141d6
new upstream release - 7.67.0
2019-11-06 09:26:57 +01:00
Kamil Dudka
da9af16256
new upstream release - 7.66.0
Resolves: CVE-2019-5481 - double free due to subsequent call of realloc()
Resolves: CVE-2019-5482 - heap buffer overflow in function tftp_receive_packet()
2019-09-12 15:20:21 +02:00
Paul Howarth
a5c984a590
new upstream release - 7.65.3
2019-07-20 12:02:57 +01:00
Kamil Dudka
6e794d5beb
new upstream release - 7.65.2
2019-07-17 10:34:24 +02:00
Kamil Dudka
901da63160
new upstream release - 7.65.1
2019-06-05 09:33:30 +02:00
Kamil Dudka
3c7950da77
new upstream release - 7.65.0
Resolves: CVE-2019-5436 - TFTP receive buffer overflow
Resolves: CVE-2019-5435 - integer overflows in curl_url_set()
2019-05-22 10:42:26 +02:00
Kamil Dudka
bbad3e0a62
new upstream release - 7.64.1
2019-03-27 12:45:46 +01:00
Kamil Dudka
2bdb624139
new upstream release - 7.64.0
Resolves: CVE-2019-3823 - SMTP end-of-response out-of-bounds read
Resolves: CVE-2019-3822 - NTLMv2 type-3 header stack buffer overflow
Resolves: CVE-2018-16890 - NTLM type-2 out-of-bounds buffer read
2019-02-06 09:56:05 +01:00
Kamil Dudka
a94ce82de0
new upstream release - 7.63.0
2018-12-12 09:51:10 +01:00
Kamil Dudka
34a4d8f848
new upstream release - 7.62.0
Resolves: CVE-2018-16839 - SASL password overflow via integer overflow
Resolves: CVE-2018-16840 - use-after-free in handle close
Resolves: CVE-2018-16842 - warning message out-of-buffer read
2018-10-31 12:47:56 +01:00
Kamil Dudka
20b63790e4
new upstream release - 7.61.1
Resolves: CVE-2018-14618 - NTLM password overflow via integer overflow
2018-09-05 10:03:29 +02:00
Kamil Dudka
a89a46eca8
new upstream release - 7.61.0
Resolves: CVE-2018-0500 - SMTP send heap buffer overflow
2018-07-11 14:19:28 +02:00
Kamil Dudka
5a0fa9250b
new upstream release, which fixes the following vulnerabilities
Resolves: CVE-2018-1000300 - FTP shutdown response buffer overflow
Resolves: CVE-2018-1000301 - RTSP bad headers buffer over-read
2018-05-16 15:02:28 +02:00
Kamil Dudka
bdef0a1bf6
new upstream release - 7.59.0
Resolves: CVE-2018-1000120 - FTP path trickery leads to NIL byte out of bounds write
Resolves: CVE-2018-1000121 - LDAP NULL pointer dereference
Resolves: CVE-2018-1000122 - RTSP RTP buffer over-read
2018-03-14 10:28:05 +01:00
Kamil Dudka
93c55561d3
new upstream release - 7.58.0
Resolves: CVE-2018-1000005 - curl: HTTP/2 trailer out-of-bounds read
Resolves: CVE-2018-1000007 - curl: HTTP authentication leak in redirects
2018-01-24 11:55:14 +01:00
Kamil Dudka
ed352e927e
new upstream release - 7.57.0
Resolves: CVE-2017-8816 - curl: NTLM buffer overflow via integer overflow
Resolves: CVE-2017-8817 - curl: FTP wildcard out of bounds read
Resolves: CVE-2017-8818 - curl: SSL out of buffer access
2017-11-29 14:03:21 +01:00
Kamil Dudka
5d4a9257c3
new upstream release - 7.56.1 (fixes CVE-2017-1000257)
2017-10-23 10:13:16 +02:00
Kamil Dudka
46c8abb050
new upstream release - 7.56.0 (fixes CVE-2017-1000254)
2017-10-04 09:36:05 +02:00
Kamil Dudka
019e1c424c
new upstream release - 7.55.1
2017-08-14 09:39:22 +02:00
Kamil Dudka
46042daf78
new upstream release - 7.55.0
Resolves: CVE-2017-1000099 - FILE buffer read out of bounds
Resolves: CVE-2017-1000100 - TFTP sends more than buffer size
Resolves: CVE-2017-1000101 - URL globbing out of bounds read
2017-08-09 10:52:10 +02:00
Kamil Dudka
0aa20e6c92
new upstream release - 7.54.1
2017-06-14 10:50:24 +02:00
Kamil Dudka
0f99fceebe
new upstream release - 7.54.0 (fixes CVE-2017-7468)
2017-04-20 09:09:40 +02:00
Kamil Dudka
c1fbf35cce
new upstream release - 7.53.1
2017-02-24 10:51:31 +01:00
Kamil Dudka
8afeb9390f
new upstream release - 7.53.0 (fixes CVE-2017-2629)
2017-02-22 10:32:55 +01:00
Kamil Dudka
00369df034
new upstream release - 7.52.1 (fixes CVE-2016-9586)
2016-12-23 10:06:25 +01:00
Kamil Dudka
5169cd3899
new upstream release - 7.51.0
Resolves: CVE-2016-8615 - Cookie injection for other servers
Resolves: CVE-2016-8616 - Case insensitive password comparison
Resolves: CVE-2016-8617 - Out-of-bounds write via unchecked multiplication
Resolves: CVE-2016-8618 - Double-free in curl_maprintf
Resolves: CVE-2016-8619 - Double-free in krb5 code
Resolves: CVE-2016-8620 - Glob parser write/read out of bounds
Resolves: CVE-2016-8621 - curl_getdate out-of-bounds read
Resolves: CVE-2016-8622 - URL unescape heap overflow via integer truncation
Resolves: CVE-2016-8623 - Use-after-free via shared cookies
Resolves: CVE-2016-8624 - Invalid URL parsing with '#'
Resolves: CVE-2016-8625 - IDNA 2003 makes curl use wrong host
2016-11-02 11:12:40 +01:00
Kamil Dudka
b552e5528d
new upstream release - 7.50.3 (fixes CVE-2016-7167)
2016-09-14 10:50:47 +02:00