Package curl: Information

Source package: curl
Version: 7.56.1-alt1.M70C.1.1
Build time: Mar 16, 2018, 10:24 PM in the task #201798
Copied in the task: #202075
License: MPL or MIT
Summary: Gets a file from an FTP, GOPHER or HTTP server
Curl is a client to get documents/files from servers, using any of the
supported protocols. The command is designed to work without user
interaction or any kind of interactivity.

Curl offers a busload of useful tricks like proxy support, user
authentication, ftp upload, HTTP post, file transfer resume and more.

NOTE: This version is compiled with SSL (https) support.

List of rpms provided by this srpm:
curl (x86_64, i586)
curl-debuginfo (x86_64, i586)
libcurl (x86_64, i586)
libcurl-debuginfo (x86_64, i586)
libcurl-devel (x86_64, i586)
libcurl-devel-static (x86_64, i586)

Maintainer: Evgeny Sinelnikov

    1. libssh2-devel
    2. libssl-devel
    3. glibc-devel-static
    4. libidn-devel
    5. groff-base
    6. python-modules
    7. python-modules-logging
    8. python-modules-xml
    9. rpm-build-ubt
    10. zlib-devel

Last changed

Nov. 23, 2017 Evgeny Sinelnikov 7.56.1-alt1.M70C.1.1
- Backport security updates to legacy stable branches
- Fixes:
  + CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler
  + CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP
  + CVE-2017-1000101 do not parse after a strtoul() overflow range
  + CVE-2017-1000100 tftp reject file name lengths that don't fit
  + CVE-2017-1000099 output the correct buffer to the user
  + CVE-2017-9502 URL file scheme drive letter buffer overflow
  + CVE-2016-5419 TLS session resumption client cert bypass (again)
  + CVE-2017-2629 SSL_VERIFYSTATUS ignored
  + CVE-2016-9594 uninitialized random
  + CVE-2016-9586 printf floating point buffer overflow
  + CVE-2016-8615 cookie injection for other servers
  + CVE-2016-8616 case insensitive password comparison
  + CVE-2016-8617 OOB write via unchecked multiplication
  + CVE-2016-8618 double-free in curl_maprintf
  + CVE-2016-8619 double-free in krb5 code
  + CVE-2016-8620 glob parser write/read out of bounds
  + CVE-2016-8621 curl_getdate read out of bounds
  + CVE-2016-8622 URL unescape heap overflow via integer truncation
  + CVE-2016-8623 Use-after-free via shared cookies
  + CVE-2016-8624 invalid URL parsing with '#'
  + CVE-2016-8625 IDNA 2003 makes curl use wrong host
  + CVE-2015-3236 send the HTTP Basic authentication credentials for a previous connection
  + CVE-2015-3237 The smb_request_state function allows remote SMB servers to obtain
                  sensitive information from memory or cause a denial of service
  + CVE-2015-3153 sends custom HTTP headers to both the proxy and destination server,
                  which might allow remote proxy servers to obtain sensitive information
  + CVE-2015-3148 do not properly re-use authenticated Negotiate connections
  + CVE-2015-3143 does not properly re-use NTLM connections, which allows remote
                  attackers to connect as other users via an unauthenticated request
  + CVE-2015-3145 The sanitize_cookie_path function does not properly calculate an index
  + CVE-2015-3144 The fix_hostname function does not properly calculate an index
Dec. 1, 2014 Anton V. Boyarshinov 7.31.0-alt1.M70C.2
- build fixed
Oct. 29, 2013 Anton V. Boyarshinov 7.31.0-alt1.M70C.1
- rebuild for c7