[ubuntu/bionic-proposed] curl 7.55.1-1ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Nov 29 21:31:15 UTC 2017


curl (7.55.1-1ubuntu3) bionic; urgency=medium

  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

Date: Wed, 29 Nov 2017 15:29:49 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.55.1-1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Nov 2017 15:29:49 -0500
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc
Architecture: source
Version: 7.55.1-1ubuntu3
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.55.1-1ubuntu3) bionic; urgency=medium
 .
   * SECURITY UPDATE: NTLM buffer overflow via integer overflow
     - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
       size in lib/curl_ntlm_core.c
     - CVE-2017-8816
   * SECURITY UPDATE: FTP wildcard out of bounds read
     - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
       setcharset in lib/curl_fnmatch.c, added tests to
       tests/data/Makefile.inc, tests/data/test1163.
     - CVE-2017-8817
Checksums-Sha1:
 559cadd15e1da399187d89347f73e1f91f8f6d77 2774 curl_7.55.1-1ubuntu3.dsc
 d9f31887c7049eea50c6a21da08069fc41764bda 34720 curl_7.55.1-1ubuntu3.debian.tar.xz
 0834679890ad310084cddf8b7c484a16fb09836b 8650 curl_7.55.1-1ubuntu3_source.buildinfo
Checksums-Sha256:
 f87e194d5a90a79302c3feadb1a45066b2b2fcd2240584a54d3e25ff615eba95 2774 curl_7.55.1-1ubuntu3.dsc
 876f8ddcb3f4d39b0b296bc861fdfc52b816e06da17cc79ace6fa94848b048cd 34720 curl_7.55.1-1ubuntu3.debian.tar.xz
 e2a3e710acceb646be6addfc92aa61e469b41e2c1a304ca78735faa85ce8d03e 8650 curl_7.55.1-1ubuntu3_source.buildinfo
Files:
 a2aff88ae48702835e985221252ea27d 2774 web optional curl_7.55.1-1ubuntu3.dsc
 c737514ab5ed541287c0feee341546f9 34720 web optional curl_7.55.1-1ubuntu3.debian.tar.xz
 3734dbf31ee48306317c83a8ee86f93f 8650 web optional curl_7.55.1-1ubuntu3_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>
