openSUSE-SU-2022:10101-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:10101-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/openSUSE-SU-2022:10101-1
- Related
- Published
- 2022-08-27T12:33:24Z
- Modified
- 2022-08-27T12:33:24Z
- Summary
- Security update for nim
- Details
-
This update for nim fixes the following issues:
Includes upstream security fixes for:
- (boo#1175333, CVE-2020-15693) httpClient is vulnerable to a CR-LF injection
- (boo#1175334, CVE-2020-15692) mishandle of argument to browsers.openDefaultBrowser
- (boo#1175332, CVE-2020-15694) httpClient.get().contentLength() fails to properly validate the server response
- (boo#1192712, CVE-2021-41259) null byte accepted in getContent function, leading to URI validation bypass
- (boo#1185948, CVE-2021-29495) stdlib httpClient does not validate peer certificates by default
- (boo#1185085, CVE-2021-21374) Improper verification of the SSL/TLS certificate
- (boo#1185084, CVE-2021-21373) 'nimble refresh' falls back to a non-TLS URL in case of error
- (boo#1185083, CVE-2021-21372) doCmd can be leveraged to execute arbitrary commands
- (boo#1181705, CVE-2020-15690) Standard library asyncftpclient lacks a check for newline character
Update to 1.6.6
- standard library use consistent styles for variable names so it can be used in projects which force a consistent style with --styleCheck:usages option.
- ARC/ORC are now considerably faster at method dispatching, bringing its performance back on the level of the refc memory management.
- Full changelog: https://nim-lang.org/blog/2022/05/05/version-166-released.html
- Previous updates and changelogs:
- 1.6.4: https://nim-lang.org/blog/2022/02/08/version-164-released.html
- 1.6.2: https://nim-lang.org/blog/2021/12/17/version-162-released.html
- 1.6.0: https://nim-lang.org/blog/2021/10/19/version-160-released.html
- 1.4.8: https://nim-lang.org/blog/2021/05/25/version-148-released.html
- 1.4.6: https://nim-lang.org/blog/2021/04/15/versions-146-and-1212-released.html
- 1.4.4: https://nim-lang.org/blog/2021/02/23/versions-144-and-1210-released.html
- 1.4.2: https://nim-lang.org/blog/2020/12/01/version-142-released.html
- 1.4.0: https://nim-lang.org/blog/2020/10/16/version-140-released.html
update to 1.2.16
- oids: switch from PRNG to random module
- nimc.rst: fix table markup
- nimRawSetjmp: support Windows
- correctly enable chronos
- bigints are not supposed to work on 1.2.x
- disable nimpy
- misc bugfixes
- fixes a 'mixin' statement handling regression [backport:1.2
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SNDISR45BBTIWW5MDTIQOSRHOEV3XUKF/
- https://bugzilla.suse.com/1175332
- https://bugzilla.suse.com/1175333
- https://bugzilla.suse.com/1175334
- https://bugzilla.suse.com/1181705
- https://bugzilla.suse.com/1185083
- https://bugzilla.suse.com/1185084
- https://bugzilla.suse.com/1185085
- https://bugzilla.suse.com/1185948
- https://bugzilla.suse.com/1192712
- https://www.suse.com/security/cve/CVE-2020-15690
- https://www.suse.com/security/cve/CVE-2020-15692
- https://www.suse.com/security/cve/CVE-2020-15693
- https://www.suse.com/security/cve/CVE-2020-15694
- https://www.suse.com/security/cve/CVE-2021-21372
- https://www.suse.com/security/cve/CVE-2021-21373
- https://www.suse.com/security/cve/CVE-2021-21374
- https://www.suse.com/security/cve/CVE-2021-29495
- https://www.suse.com/security/cve/CVE-2021-41259