{"affected":[{"ecosystem_specific":{"binaries":[{"axel":"2.17.8-bp151.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP1","name":"axel","purl":"pkg:rpm/suse/axel&distro=SUSE%20Package%20Hub%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.17.8-bp151.4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for axel fixes the following issues:\n\naxel was updated to 2.17.8:\n\n* CVE-2020-13614: SSL Certificate Hostnames were not verified (boo#1172159)\n\n* Replaced progressbar line clearing with terminal control sequence\n* Fixed parsing of Content-Disposition HTTP header\n* Fixed User-Agent HTTP header never being included\n\nUpdate to version 2.17.7:\n\n- Buildsystem fixes\n- Fixed release date for man-pages on BSD\n- Explicitly close TCP sockets on SSL connections too\n- Fixed HTTP basic auth header generation\n- Changed the default progress report to 'alternate output mode'\n- Improved English in README.md\n\nUpdate to version 2.17.6:\n\n- Fixed handling of non-recoverable HTTP errors\n- Cleanup of connection setup code\n- Fixed manpage reproducibility issue\n- Use tracker instead of PTS from Debian\n\nUpdate to version 2.17.5:\n\n- Fixed progress indicator misalignment\n- Cleaned up the wget-like progress output code\n- Improved progress output flushing\n\nUpdate to version 2.17.4:\n\n- Fixed build with bionic libc (Android)\n- TCP Fast Open support on Linux\n- TCP code cleanup\n- Removed dependency on libm\n- Data types and format strings cleanup\n- String handling cleanup\n- Format string checking GCC attributes added\n- Buildsystem fixes and improvements\n- Updates to the documentation\n- Updated all translations\n- Fixed Footnotes in documentation\n- Fixed a typo in README.md\n\nUpdate to version 2.17.3:\n\n- Builds now use canonical host triplet instead of `uname -s`\n- Fixed build on Darwin / Mac OS X\n- Fixed download loops caused by last byte pointer being off by one\n- Fixed linking issues (i18n and posix threads)\n- Updated build instructions\n- Code cleanup\n- Added autoconf-archive to building instructions\n\nUpdate to version 2.17.2:\n\n- Fixed HTTP request-ranges to be zero-based\n- Fixed typo 'too may' -> 'too many'\n- Replaced malloc + memset calls with calloc\n- Sanitize progress bar buffer len passed to memset\n\nUpdate to version 2.17.1:\n\n- Fixed comparison error in axel_divide\n- Make sure maxconns is at least 1\n\nUpdate to version 2.17:\n\n- Fixed composition of URLs in redirections\n- Fixed request range calculation\n- Updated all translations\n- Updated build documentation\n- Major code cleanup\n -  Cleanup of alternate progress output\n -  Removed global string buffers\n -  Fixed min and max macros\n -  Moved User-Agent header to conf->add_header\n -  Use integers for speed ratio and delay calculation\n- Added support for parsing IPv6 literal hostname\n- Fixed filename extraction from URL\n- Fixed request-target message to proxy\n- Handle secure protocol's schema even with SSL disabled\n- Fixed Content-Disposition filename value decoding\n- Strip leading hyphens in extracted filenames\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.","id":"openSUSE-SU-2020:0785-1","modified":"2020-06-08T09:28:00Z","published":"2020-06-08T09:28:00Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RMIDK7IWOQEGA4JV57F2GFOFC73N6U66/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1172159"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-13614"}],"related":["CVE-2020-13614"],"summary":"Security update for axel","upstream":["CVE-2020-13614"]}