Пакет curl: Информация

    Исходный пакет: curl
    Версия: 7.56.1-alt1.M70C.1.1
    Собран:  16 марта 2018 г. 22:24 в задании #201798
    Скопирован в задании: #202075
    Сообщить об ошибке в пакете
    Домашняя страница: http://curl.haxx.se

    Лицензия: MPL or MIT
    О пакете: Gets a file from a FTP, GOPHER or HTTP server
    Описание: 
    Curl is a client to get documents/files from servers, using any of the
    supported protocols. The command is designed to work without user
    interaction or any kind of interactivity.
    
    Curl offers a busload of useful tricks like proxy support, user
    authentication, ftp upload, HTTP post, file transfer resume and more.
    
    NOTE: This version is compiled with SSL (https) support.

    Список rpm-пакетов, предоставляемых данным srpm-пакетом:
    curl (x86_64, i586)
    curl-debuginfo (x86_64, i586)
    libcurl (x86_64, i586)
    libcurl-debuginfo (x86_64, i586)
    libcurl-devel (x86_64, i586)
    libcurl-devel-static (x86_64, i586)

    Сопровождающий: Evgeny Sinelnikov


      1. libssh2-devel
      2. libssl-devel
      3. glibc-devel-static
      4. groff-base
      5. libidn-devel
      6. rpm-build-ubt
      7. python-modules
      8. zlib-devel
      9. python-modules-logging
      10. python-modules-xml

    Последнее изменение


    23 ноября 2017 г. Evgeny Sinelnikov 7.56.1-alt1.M70C.1.1
    - Backport security updates to legacy stable branches
    - Fixes:
      + CVE-2017-1000257 libcurl contains a buffer overrun flaw in the IMAP handler
      + CVE-2017-1000254 libcurl may read outside of a heap allocated buffer when doing FTP
      + CVE-2017-1000101 do not parse after a strtoul() overflow range
      + CVE-2017-1000100 tftp reject file name lengths that don't fit
      + CVE-2017-1000099 output the correct buffer to the user
      + CVE-2017-9502 URL file scheme drive letter buffer overflow
      + CVE-2016-5419 TLS session resumption client cert bypass (again)
      + CVE-2017-2629 SSL_VERIFYSTATUS ignored
      + CVE-2016-9594 uninitialized random
      + CVE-2016-9586 printf floating point buffer overflow
      + CVE-2016-8615 cookie injection for other servers
      + CVE-2016-8616 case insensitive password comparison
      + CVE-2016-8617 OOB write via unchecked multiplication
      + CVE-2016-8618 double-free in curl_maprintf
      + CVE-2016-8619 double-free in krb5 code
      + CVE-2016-8620 glob parser write/read out of bounds
      + CVE-2016-8621 curl_getdate read out of bounds
      + CVE-2016-8622 URL unescape heap overflow via integer truncation
      + CVE-2016-8623 Use-after-free via shared cookies
      + CVE-2016-8624 invalid URL parsing with '#'
      + CVE-2016-8625 IDNA 2003 makes curl use wrong host
      + CVE-2015-3236 send the HTTP Basic authentication credentials for a previous connection
      + CVE-2015-3237 The smb_request_state function allows remote SMB servers to obtain
                      sensitive information from memory or cause a denial of service
      + CVE-2015-3153 sends custom HTTP headers to both the proxy and destination server,
                      which might allow remote proxy servers to obtain sensitive information
      + CVE-2015-3148 do not properly re-use authenticated Negotiate connections
      + CVE-2015-3143 does not properly re-use NTLM connections, which allows remote
                      attackers to connect as other users via an unauthenticated request
      + CVE-2015-3145 The sanitize_cookie_path function does not properly calculate an index
      + CVE-2015-3144 The fix_hostname function does not properly calculate an index
    1 декабря 2014 г. Anton V. Boyarshinov 7.31.0-alt1.M70C.2
    - build fixed
    29 октября 2013 г. Anton V. Boyarshinov 7.31.0-alt1.M70C.1
    - rebuild for c7