Category ../Networking/File transfer

- Backport security updates to legacy stable branches
- Fixes:
  + CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler
  + CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP
  + CVE-2017-1000101 do not parse after a strtoul() overflow range
  + CVE-2017-1000100 tftp reject file name lengths that don't fit
  + CVE-2017-1000099 output the correct buffer to the user
  + CVE-2017-9502 URL file scheme drive letter buffer overflow
  + CVE-2016-5419 TLS session resumption client cert bypass (again)
  + CVE-2017-2629 SSL_VERIFYSTATUS ignored
  + CVE-2016-9594 uninitialized random
  + CVE-2016-9586 printf floating point buffer overflow
  + CVE-2016-8615 cookie injection for other servers
  + CVE-2016-8616 case insensitive password comparison
  + CVE-2016-8617 OOB write via unchecked multiplication
  + CVE-2016-8618 double-free in curl_maprintf
  + CVE-2016-8619 double-free in krb5 code
  + CVE-2016-8620 glob parser write/read out of bounds
  + CVE-2016-8621 curl_getdate read out of bounds
  + CVE-2016-8622 URL unescape heap overflow via integer truncation
  + CVE-2016-8623 Use-after-free via shared cookies
  + CVE-2016-8624 invalid URL parsing with '#'
  + CVE-2016-8625 IDNA 2003 makes curl use wrong host
  + CVE-2015-3236 send the HTTP Basic authentication credentials for a previous connection
  + CVE-2015-3237 The smb_request_state function allows remote SMB servers to obtain
                  sensitive information from memory or cause a denial of service
  + CVE-2015-3153 sends custom HTTP headers to both the proxy and destination server,
                  which might allow remote proxy servers to obtain sensitive information
  + CVE-2015-3148 do not properly re-use authenticated Negotiate connections
  + CVE-2015-3143 does not properly re-use NTLM connections, which allows remote
                  attackers to connect as other users via an unauthenticated request
  + CVE-2015-3145 The sanitize_cookie_path function does not properly calculate an index
  + CVE-2015-3144 The fix_hostname function does not properly calculate an index

curl Mar 15, 2018, 06:59 PM	Mar 15, 2018, 06:59 PM
Version: 7.56.1-alt1.M70C.1.1
Summary: Gets a file from a FTP, GOPHER or HTTP server
Changelog:
- Backport security updates to legacy stable branches - Fixes: + CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler + CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP + CVE-2017-1000101 do not parse after a strtoul() overflow range + CVE-2017-1000100 tftp reject file name lengths that don't fit + CVE-2017-1000099 output the correct buffer to the user + CVE-2017-9502 URL file scheme drive letter buffer overflow + CVE-2016-5419 TLS session resumption client cert bypass (again) + CVE-2017-2629 SSL_VERIFYSTATUS ignored + CVE-2016-9594 uninitialized random + CVE-2016-9586 printf floating point buffer overflow + CVE-2016-8615 cookie injection for other servers + CVE-2016-8616 case insensitive password comparison + CVE-2016-8617 OOB write via unchecked multiplication + CVE-2016-8618 double-free in curl_maprintf + CVE-2016-8619 double-free in krb5 code + CVE-2016-8620 glob parser write/read out of bounds + CVE-2016-8621 curl_getdate read out of bounds + CVE-2016-8622 URL unescape heap overflow via integer truncation + CVE-2016-8623 Use-after-free via shared cookies + CVE-2016-8624 invalid URL parsing with '#' + CVE-2016-8625 IDNA 2003 makes curl use wrong host + CVE-2015-3236 send the HTTP Basic authentication credentials for a previous connection + CVE-2015-3237 The smb_request_state function allows remote SMB servers to obtain sensitive information from memory or cause a denial of service + CVE-2015-3153 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information + CVE-2015-3148 do not properly re-use authenticated Negotiate connections + CVE-2015-3143 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request + CVE-2015-3145 The sanitize_cookie_path function does not properly calculate an index + CVE-2015-3144 The fix_hostname function does not properly calculate an index

rsync Nov 29, 2017, 08:31 PM	Nov 29, 2017, 08:31 PM
Version: 3.1.2-alt0.M70C.1
Summary: A program for synchronizing files over a network
Changelog:
- backport to c7.

eiskaltdcpp Sep 15, 2015, 06:41 PM	Sep 15, 2015, 06:41 PM
Version: 2.2.8-alt1.M70C.1
Summary: EiskaltDC++ - Direct Connect client
Changelog:
- rebuild with pcre 8.37

aria2 Feb 28, 2014, 07:44 AM	Feb 28, 2014, 07:44 AM
Version: 1.18.3-alt0.M70P.1
Summary: aria2 - a simple utility for downloading files faster
Changelog:
- Backport new version to p7 branch - Enable more aria2 features (such as XML-RPC needed by `kiwix`)

lftp Sep 18, 2013, 07:37 PM	Sep 18, 2013, 07:37 PM
Version: 4.4.9-alt1
Summary: Sophisticated command line file transfer program
Changelog:
- Updated to 4.4.9.

transmission Sep 2, 2013, 04:33 PM	Sep 2, 2013, 04:33 PM
Version: 2.82-alt1
Summary: Llightweight BitTorrent client
Changelog:
- new version

linuxdcpp Apr 20, 2013, 12:05 AM	Apr 20, 2013, 12:05 AM
Version: 1.0.3-alt1.1.qa2
Summary: Linux Direct Connect Client
Changelog:
- NMU: rebuilt for updated dependencies.

imule Apr 19, 2013, 03:07 PM	Apr 19, 2013, 03:07 PM
Version: 1.4.6-alt4.qa3
Summary: P2P file sharing software which connects through the anonymous I2P network
Changelog:
- NMU: rebuilt for updated dependencies.

hsftp Apr 19, 2013, 05:57 AM	Apr 19, 2013, 05:57 AM
Version: 1.15-alt1.qa1
Summary: FTP-type client using SSH to transfer files
Changelog:
- NMU: rebuilt for updated dependencies.

netfleet Apr 18, 2013, 06:10 AM	Apr 18, 2013, 06:10 AM
Version: 0.2.1-alt1.qa1
Summary: NetFleet is a multi-threaded(!) download utility
Changelog:
- NMU: rebuilt for debuginfo.

uucp Apr 18, 2013, 12:24 AM	Apr 18, 2013, 12:24 AM
Version: 1.07-alt3.qa1
Summary: The uucp utility for copying files between systems
Changelog:
- NMU: rebuilt for debuginfo.

filezilla Apr 18, 2013, 12:05 AM	Apr 18, 2013, 12:05 AM
Version: 3.3.3-alt1.qa1
Summary: FileZilla is a fast and reliable FTP client
Changelog:
- NMU: rebuilt for debuginfo.

multiget Apr 17, 2013, 08:58 PM	Apr 17, 2013, 08:58 PM
Version: 1.2.0-alt1.qa1
Summary: An easy-to-use GUI file downloader
Changelog:
- NMU: rebuilt for debuginfo.

ctorrent Apr 17, 2013, 05:29 AM	Apr 17, 2013, 05:29 AM
Version: 3.3.2-alt1.1.qa1
Summary: BitTorrent Client written in C
Changelog:
- NMU: rebuilt for debuginfo.

gkermit Apr 17, 2013, 01:21 AM	Apr 17, 2013, 01:21 AM
Version: 1.00-alt1.qa1
Summary: Transfer files with the Kermit protocol
Changelog:
- NMU: rebuilt for debuginfo.

qbittorrent Apr 16, 2013, 02:49 PM	Apr 16, 2013, 02:49 PM
Version: 3.0.9-alt1
Summary: qBittorrent is a bittorrent client written in C++ / Qt4 using the good libtorrent library.
Changelog:
- New version 3.0.9 (ALT #28367)

microdc2 Apr 16, 2013, 07:14 AM	Apr 16, 2013, 07:14 AM
Version: 0.15.6-alt7.qa1
Summary: A command-line based Direct Connect client
Changelog:
- NMU: rebuilt for debuginfo.

rsstail Apr 15, 2013, 05:10 AM	Apr 15, 2013, 05:10 AM
Version: 1.6-alt1.qa1
Summary: RSS reader
Changelog:
- NMU: rebuilt for debuginfo.

dcd Apr 15, 2013, 04:37 AM	Apr 15, 2013, 04:37 AM
Version: 1.1.1-alt6.qa1
Summary: DConnect Daemon - Hub D****ct Connect for Linux
Changelog:
- NMU: rebuilt for debuginfo.

createtorrent Apr 15, 2013, 01:09 AM	Apr 15, 2013, 01:09 AM
Version: 1.1.4-alt1.1.qa1
Summary: Create BitTorrent files from the command line
Changelog:
- NMU: rebuilt for debuginfo.