[ubuntu/bionic-proposed] curl 7.57.0-1ubuntu1 (Accepted)

Fri Dec 8 16:44:12 UTC 2017

curl (7.57.0-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev.

curl (7.57.0-1) unstable; urgency=medium

  * New upstream release
    - Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816
      https://curl.haxx.se/docs/adv_2017-11e7.html
    - Fix FTP wildcard out of bounds read as per CVE-2017-8817
      https://curl.haxx.se/docs/adv_2017-ae72.html
    - Fix SSL out of buffer access as per CVE-2017-8818
      https://curl.haxx.se/docs/adv_2017-af0a.html
  * Remove -fdebug-prefix-map from curl-config.
    Thanks to Timo Weingärtner for the patch (Closes: #861974, #874223, #874238)
  * Don't install zsh completion when cross compiling.
    Thanks to Wookey for the patch (Closes: #812965)

curl (7.56.1-1) unstable; urgency=medium

  * New upstream release
    - Fix IMAP FETCH response out of bounds read as per CVE-2017-1000257
      https://curl.haxx.se/docs/adv_20171023.html
  * Bump Standards-Version to 4.1.1 (no changes needed)
  * Drop 01_runtests_gdb.patch
  * Drop 12_dont-wait-on-CONNECT.patch
  * Refresh patches
  * Update *.symbols files
  * Use https:// URL in watch file

Date: Wed, 06 Dec 2017 18:11:20 +0100
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.57.0-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 06 Dec 2017 18:11:20 +0100
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc
Architecture: source
Version: 7.57.0-1ubuntu1
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 812965 861974 874223 874238
Changes:
 curl (7.57.0-1ubuntu1) bionic; urgency=low
 .
   * Merge from Debian unstable.  Remaining changes:
     - Drop dependencies not in main:
       + Build-Depends: Drop libssh2-1-dev.
 .
 curl (7.57.0-1) unstable; urgency=medium
 .
   * New upstream release
     - Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816
       https://curl.haxx.se/docs/adv_2017-11e7.html
     - Fix FTP wildcard out of bounds read as per CVE-2017-8817
       https://curl.haxx.se/docs/adv_2017-ae72.html
     - Fix SSL out of buffer access as per CVE-2017-8818
       https://curl.haxx.se/docs/adv_2017-af0a.html
   * Remove -fdebug-prefix-map from curl-config.
     Thanks to Timo Weingärtner for the patch (Closes: #861974, #874223, #874238)
   * Don't install zsh completion when cross compiling.
     Thanks to Wookey for the patch (Closes: #812965)
 .
 curl (7.56.1-1) unstable; urgency=medium
 .
   * New upstream release
     - Fix IMAP FETCH response out of bounds read as per CVE-2017-1000257
       https://curl.haxx.se/docs/adv_20171023.html
   * Bump Standards-Version to 4.1.1 (no changes needed)
   * Drop 01_runtests_gdb.patch
   * Drop 12_dont-wait-on-CONNECT.patch
   * Refresh patches
   * Update *.symbols files
   * Use https:// URL in watch file
Checksums-Sha1:
 e933e370559f444e82072e8a46faeec92c79a365 2781 curl_7.57.0-1ubuntu1.dsc
 bb961986e3e3ef4762c6368db8f6463f3068cb25 3828358 curl_7.57.0.orig.tar.gz
 c2ffe930f7541a26d1e70b2a2659c92bc5652113 31432 curl_7.57.0-1ubuntu1.debian.tar.xz
 00b3670a87c73860c3102d26cd542ba44ee7a24e 9253 curl_7.57.0-1ubuntu1_source.buildinfo
Checksums-Sha256:
 480fb1e2d1bcf51d2d64b6e7197a3ff23b4828b9c55c9b639971bf54dcc116d3 2781 curl_7.57.0-1ubuntu1.dsc
 7ce35f207562674e71dbada6891b37e3f043c1e7a82915cb9c2a17ad3a9d659b 3828358 curl_7.57.0.orig.tar.gz
 e25219721ee5b6f8fe274718e7b691afe2161eb8984b42dd43875fd3c9aafbae 31432 curl_7.57.0-1ubuntu1.debian.tar.xz
 d6d52a212d64ea2978616c4c0b7c47888d46647460de76c2fdca4732a8bfdd91 9253 curl_7.57.0-1ubuntu1_source.buildinfo
Files:
 0bcc9896276dc1c44b571d5c88c442cd 2781 web optional curl_7.57.0-1ubuntu1.dsc
 c7aab73aaf5e883ca1d7518f93649dc2 3828358 web optional curl_7.57.0.orig.tar.gz
 aec769fe19677cc76f29fb52808d4337 31432 web optional curl_7.57.0-1ubuntu1.debian.tar.xz
 0d452b21de51a883937575f188d26a50 9253 web optional curl_7.57.0-1ubuntu1_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJaKRciAAoJEPNPCXROn13ZossQAKosZenSEffD2EZlQdOA6BBd
zM55S5hcXMcjsfGKjZ/qGnrwl09Lj/2nRbtd1/EOs+05nqjFeAFYKIfue3okf+U/
a14sgEIemRQCNtnXzZXnbdzEHubezDmNh0fd8Vju/evZ6MzxpAU8P8Cn60+iJYZB
AkEVyLz6Jicw6B5V7gCeBT3UVTpGSoB6wz9NgidV+NE9nuOak8T0cSNrYy08G/mD
IwTkdvFDMBGoF+JEpL8O0S9eNoSDn9z3yAYy/1EJs3XpdnF4qDqG3CJGtPdI4+t8
U0Gsk8sVa55NWTNahAbJkw30c4SXfW+oQZu+WYqFCRVSUcOFkZkdwdMqti+V38ns
ZeI6KtbyHXUiRFjWb27I7suMLonKM0FrSh4N0stKxXDpm4lvtqiyoYs3PP5rtU0U
pKDHNW2x5gINKdy8YhBrZAwbUxqmWF+FnunyqFB4X6L5TeUuGuC1dE3COyDt2zOJ
RKuLj14US/u4KpvCfFkJpb3P+wag2MV4y9nJyjjhcQ2p3vYPa9jEKoLmis7cptA0
wlVOIAmRL1hEAVi7plukB2JMXbWgF0e7E+ok9ePBWH5cXm0zqL7bO7ZL5ypUanB/
L5lm+xsFETpFIU9QTO/gk5EUOpAzpNHMe/zqTMHxReN88fLt5FDbHQHT+G3kF6Cj
lATpbFT+6PkKTOl4zrMj
=sWjK
-----END PGP SIGNATURE-----