SUSE Package Hub - openSUSE-2024-199

Update Info

openSUSE-2024-199

Security update for obs-service-download_url

Type: security

Severity: moderate

Issued: 2024-07-15

Description:

This update for obs-service-download_url fixes the following issues:

Update to version 0.2.1:

* CVE-2024-22033: fixed argument parsing to avoid argument injection (boo#1227203)

Update to version 0.2.0:

* BREAKING CHANGE: enable sslvalidation by default
* Fix filename option
* added new parameter "download-manifest" for bulk downloads

References

CVE: CVE-2024-22033
Bugzilla: 1227203 VUL-0: CVE-2024-22033: obs-service-download_url: argument injection

Packages

obs-service-download_url-0.2.1-bp155.3.3.1