Update Info

openSUSE-2022-10101


Security update for nim


Type: security
Severity: important
Issued: 2022-08-27
Description:
This update for nim fixes the following issues:

Includes upstream security fixes for:

* (boo#1175333, CVE-2020-15693) httpClient is vulnerable to a 
  CR-LF injection
* (boo#1175334, CVE-2020-15692) mishandling of the argument to
  browsers.openDefaultBrowser
* (boo#1175332, CVE-2020-15694) httpClient.get().contentLength()
  fails to properly validate the server response
* (boo#1192712, CVE-2021-41259) null byte accepted in getContent
  function, leading to URI validation bypass
* (boo#1185948, CVE-2021-29495) stdlib httpClient does not
  validate peer certificates by default
* (boo#1185085, CVE-2021-21374) Improper verification of the 
  SSL/TLS certificate
* (boo#1185084, CVE-2021-21373) "nimble refresh" falls back to a 
  non-TLS URL in case of error
* (boo#1185083, CVE-2021-21372) doCmd can be leveraged to execute
  arbitrary commands
* (boo#1181705, CVE-2020-15690) Standard library asyncftpclient 
  lacks a check for newline character

Update to 1.6.6

* The standard library now uses consistent styles for variable
  names, so it can be used in projects that enforce a consistent
  style with the --styleCheck:usages option.
* ARC/ORC are now considerably faster at method dispatching,
  bringing their performance back to the level of the refc memory
  management.
* Full changelog:
  https://nim-lang.org/blog/2022/05/05/version-166-released.html

Previous updates and changelogs:

* 1.6.4: 
  https://nim-lang.org/blog/2022/02/08/version-164-released.html
* 1.6.2: 
  https://nim-lang.org/blog/2021/12/17/version-162-released.html
* 1.6.0: 
  https://nim-lang.org/blog/2021/10/19/version-160-released.html
* 1.4.8: 
  https://nim-lang.org/blog/2021/05/25/version-148-released.html
* 1.4.6: 
  https://nim-lang.org/blog/2021/04/15/versions-146-and-1212-released.html
* 1.4.4: 
  https://nim-lang.org/blog/2021/02/23/versions-144-and-1210-released.html
* 1.4.2: 
  https://nim-lang.org/blog/2020/12/01/version-142-released.html
* 1.4.0: 
  https://nim-lang.org/blog/2020/10/16/version-140-released.html

Update to 1.2.16

* oids: switch from PRNG to random module
* nimc.rst: fix table markup
* nimRawSetjmp: support Windows
* correctly enable chronos
* bigints are not supposed to work on 1.2.x
* disable nimpy
* misc bugfixes
* fixes a 'mixin' statement handling regression [backport:1.2 


              

Packages


  • nim-1.6.6-bp154.2.3.1