Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for axel (Moderate) |
Description: |
This update for axel fixes the following issues:
axel was updated to 2.17.8:
CVE-2020-13614: SSL Certificate Hostnames were not verified (boo#1172159)
Replaced progressbar line clearing with terminal control sequence * Fixed parsing of Content-Disposition HTTP header * Fixed User-Agent HTTP header never being included
Update to version 2.17.7:
- Buildsystem fixes - Fixed release date for man-pages on BSD - Explicitly close TCP sockets on SSL connections too - Fixed HTTP basic auth header generation - Changed the default progress report to 'alternate output mode' - Improved English in README.md
Update to version 2.17.6:
- Fixed handling of non-recoverable HTTP errors - Cleanup of connection setup code - Fixed manpage reproducibility issue - Use tracker instead of PTS from Debian
Update to version 2.17.5:
- Fixed progress indicator misalignment - Cleaned up the wget-like progress output code - Improved progress output flushing
Update to version 2.17.4:
- Fixed build with bionic libc (Android) - TCP Fast Open support on Linux - TCP code cleanup - Removed dependency on libm - Data types and format strings cleanup - String handling cleanup - Format string checking GCC attributes added - Buildsystem fixes and improvements - Updates to the documentation - Updated all translations - Fixed Footnotes in documentation - Fixed a typo in README.md
Update to version 2.17.3:
- Builds now use canonical host triplet instead of `uname -s` - Fixed build on Darwin / Mac OS X - Fixed download loops caused by last byte pointer being off by one - Fixed linking issues (i18n and posix threads) - Updated build instructions - Code cleanup - Added autoconf-archive to building instructions
Update to version 2.17.2:
- Fixed HTTP request-ranges to be zero-based - Fixed typo 'too may' -> 'too many' - Replaced malloc + memset calls with calloc - Sanitize progress bar buffer len passed to memset
Update to version 2.17.1:
- Fixed comparison error in axel_divide - Make sure maxconns is at least 1
Update to version 2.17:
- Fixed composition of URLs in redirections - Fixed request range calculation - Updated all translations - Updated build documentation - Major code cleanup - Cleanup of alternate progress output - Removed global string buffers - Fixed min and max macros - Moved User-Agent header to conf->add_header - Use integers for speed ratio and delay calculation - Added support for parsing IPv6 literal hostname - Fixed filename extraction from URL - Fixed request-target message to proxy - Handle secure protocol's schema even with SSL disabled - Fixed Content-Disposition filename value decoding - Strip leading hyphens in extracted filenames
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1172159 1174922 1174923 CVE-2020-12673 CVE-2020-12674 CVE-2020-13614 openSUSE-SU-2020:0778-1 openSUSE-SU-2020:1262-1
|
Platform(s): | openSUSE Leap 15.1 openSUSE Leap 15.2
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.1 is installed AND axel-2.17.8-lp151.3.3 is installed
|
Definition Synopsis |
openSUSE Leap 15.2 is installed
AND Package Information
dovecot23-2.3.10-lp152.2.3 is installed
OR dovecot23-backend-mysql-2.3.10-lp152.2.3 is installed
OR dovecot23-backend-pgsql-2.3.10-lp152.2.3 is installed
OR dovecot23-backend-sqlite-2.3.10-lp152.2.3 is installed
OR dovecot23-devel-2.3.10-lp152.2.3 is installed
OR dovecot23-fts-2.3.10-lp152.2.3 is installed
OR dovecot23-fts-lucene-2.3.10-lp152.2.3 is installed
OR dovecot23-fts-solr-2.3.10-lp152.2.3 is installed
OR dovecot23-fts-squat-2.3.10-lp152.2.3 is installed
|