openSUSE-SU-2020:0785-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:0785-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2020:0785-1
Related
Published
2020-06-08T09:28:00Z
Modified
2020-06-08T09:28:00Z
Summary
Security update for axel
Details

This update for axel fixes the following issues:

axel was updated to 2.17.8:

  • CVE-2020-13614: SSL Certificate Hostnames were not verified (boo#1172159)

  • Replaced progressbar line clearing with terminal control sequence

  • Fixed parsing of Content-Disposition HTTP header
  • Fixed User-Agent HTTP header never being included

Update to version 2.17.7:

  • Buildsystem fixes
  • Fixed release date for man-pages on BSD
  • Explicitly close TCP sockets on SSL connections too
  • Fixed HTTP basic auth header generation
  • Changed the default progress report to 'alternate output mode'
  • Improved English in README.md

Update to version 2.17.6:

  • Fixed handling of non-recoverable HTTP errors
  • Cleanup of connection setup code
  • Fixed manpage reproducibility issue
  • Use tracker instead of PTS from Debian

Update to version 2.17.5:

  • Fixed progress indicator misalignment
  • Cleaned up the wget-like progress output code
  • Improved progress output flushing

Update to version 2.17.4:

  • Fixed build with bionic libc (Android)
  • TCP Fast Open support on Linux
  • TCP code cleanup
  • Removed dependency on libm
  • Data types and format strings cleanup
  • String handling cleanup
  • Format string checking GCC attributes added
  • Buildsystem fixes and improvements
  • Updates to the documentation
  • Updated all translations
  • Fixed Footnotes in documentation
  • Fixed a typo in README.md

Update to version 2.17.3:

  • Builds now use canonical host triplet instead of uname -s
  • Fixed build on Darwin / Mac OS X
  • Fixed download loops caused by last byte pointer being off by one
  • Fixed linking issues (i18n and posix threads)
  • Updated build instructions
  • Code cleanup
  • Added autoconf-archive to building instructions

Update to version 2.17.2:

  • Fixed HTTP request-ranges to be zero-based
  • Fixed typo 'too may' -> 'too many'
  • Replaced malloc + memset calls with calloc
  • Sanitize progress bar buffer len passed to memset

Update to version 2.17.1:

  • Fixed comparison error in axel_divide
  • Make sure maxconns is at least 1

Update to version 2.17:

  • Fixed composition of URLs in redirections
  • Fixed request range calculation
  • Updated all translations
  • Updated build documentation
  • Major code cleanup
    • Cleanup of alternate progress output
    • Removed global string buffers
    • Fixed min and max macros
    • Moved User-Agent header to conf->add_header
    • Use integers for speed ratio and delay calculation
  • Added support for parsing IPv6 literal hostname
  • Fixed filename extraction from URL
  • Fixed request-target message to proxy
  • Handle secure protocol's schema even with SSL disabled
  • Fixed Content-Disposition filename value decoding
  • Strip leading hyphens in extracted filenames

This update was imported from the openSUSE:Leap:15.1:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP1 / axel

Package

Name
axel
Purl
pkg:rpm/suse/axel&distro=SUSE%20Package%20Hub%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.17.8-bp151.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "axel": "2.17.8-bp151.4.3.1"
        }
    ]
}