DLA-4158-1 fossil - HTTP client fix
Bulletin has no description...
Insecure Validation
Fossil has insecure validation. The vulnerability exists due to the system skipping the hostname check during TLS certificate validation...
CVE-2021-36377
Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation...
CVE-2020-24614
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository...
DEBIAN-CVE-2017-17459
httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...
[SECURITY] Fedora 21 Update: fossil-1.33-1.fc21
Fossil is a simple, high-reliability, distributed software configuration management with distributed bug tracking, distributed wiki and built-in web interface...