Description
Includes upstream security fixes for:
* (boo#1175333, CVE-2020-15693) httpClient is vulnerable to a CR-LF
injection
* (boo#1175334, CVE-2020-15692) mishandle of argument to
browsers.openDefaultBrowser
* (boo#1175332, CVE-2020-15694) httpClient.get().contentLength() fails to
properly validate the server response
* (boo#1192712, CVE-2021-41259) null byte accepted in getContent function,
leading to URI validation bypass
* (boo#1185948, CVE-2021-29495) stdlib httpClient does not validate peer
certificates by default
* (boo#1185085, CVE-2021-21374) Improper verification of the SSL/TLS
certificate
* (boo#1185084, CVE-2021-21373) "nimble refresh" falls back to a non-TLS
URL in case of error
* (boo#1185083, CVE-2021-21372) doCmd can be leveraged to execute
arbitrary commands
* (boo#1181705, CVE-2020-15690) Standard library asyncftpclient lacks a
check for newline character