[ubuntu/bionic-proposed] curl 7.58.0-1ubuntu1 (Accepted)

Wed Jan 24 22:06:18 UTC 2018

curl (7.58.0-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev.

curl (7.58.0-1) unstable; urgency=medium

  * New upstream release
    - Fix HTTP/2 trailer out-of-bounds read as per CVE-2018-1000005
      https://curl.haxx.se/docs/adv_2018-824a.html
    - Fix HTTP authentication leak in redirects as per CVE-2018-1000007
      https://curl.haxx.se/docs/adv_2018-b3bf.html
  * Point Vcs-* to salsa.d.o
  * Bump Standards-Version to 4.1.3 (no changes needed)
  * Bump debhlper compat level to 11
  * Refresh patches
  * fix insecure-copyright-format-uri

Date: Wed, 24 Jan 2018 22:31:28 +0100
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.58.0-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 24 Jan 2018 22:31:28 +0100
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc
Architecture: source
Version: 7.58.0-1ubuntu1
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.58.0-1ubuntu1) bionic; urgency=low
 .
   * Merge from Debian unstable.  Remaining changes:
     - Drop dependencies not in main:
       + Build-Depends: Drop libssh2-1-dev.
 .
 curl (7.58.0-1) unstable; urgency=medium
 .
   * New upstream release
     - Fix HTTP/2 trailer out-of-bounds read as per CVE-2018-1000005
       https://curl.haxx.se/docs/adv_2018-824a.html
     - Fix HTTP authentication leak in redirects as per CVE-2018-1000007
       https://curl.haxx.se/docs/adv_2018-b3bf.html
   * Point Vcs-* to salsa.d.o
   * Bump Standards-Version to 4.1.3 (no changes needed)
   * Bump debhlper compat level to 11
   * Refresh patches
   * fix insecure-copyright-format-uri
Checksums-Sha1:
 3866cfe0d53bfd03b5c03b7a61f4e7ba204ee6c5 2799 curl_7.58.0-1ubuntu1.dsc
 089f17884d672aca7a661a65d847135f2f0ccbbf 3879728 curl_7.58.0.orig.tar.gz
 2eab0bdcebb27208a2094cd02fb9af812c97ae99 31564 curl_7.58.0-1ubuntu1.debian.tar.xz
 0fdc14d03c3a2f92b14d98833e58fd6423662d75 9491 curl_7.58.0-1ubuntu1_source.buildinfo
Checksums-Sha256:
 e831f3440fd49fbcedd5e76d3340cdd88f3bd77e842d415c2b968c9be24384d0 2799 curl_7.58.0-1ubuntu1.dsc
 cc245bf9a1a42a45df491501d97d5593392a03f7b4f07b952793518d97666115 3879728 curl_7.58.0.orig.tar.gz
 6fd65c888933fa0417f7ef800b0664a857bba62b33affd34a86308aa72d367ea 31564 curl_7.58.0-1ubuntu1.debian.tar.xz
 8e619a4cd9109e696db00bb28cdd1e99148360a7e764539b3019ef623255b303 9491 curl_7.58.0-1ubuntu1_source.buildinfo
Files:
 fe6b1d777c5c53e07da8c599223a5b86 2799 web optional curl_7.58.0-1ubuntu1.dsc
 7e9e9d5405c61148d53035426f162b0a 3879728 web optional curl_7.58.0.orig.tar.gz
 e1192bcc984d77a69b37fb8cab63bda9 31564 web optional curl_7.58.0-1ubuntu1.debian.tar.xz
 d8cb252d8f3873d0d004e777a3c55b79 9491 web optional curl_7.58.0-1ubuntu1_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEEzeVhi4gF/W4gLOnC1zw55WWAs4YFAlpo+0QTHGp1bGlhbmtA
dWJ1bnR1LmNvbQAKCRDXPDnlZYCzhoR3D/0Rf8olNwlIo2d8UZjejVpRhuQ614YM
J6aUB0jbBk8MUX8ue7dtzDRUAgy+ffSTKliO5rUTJWzrf7K9Y3rPr936Lmll+Znx
0bnm5RVNxstnLnpOGgY/Hb144m5uCzlB31V7U4Pp2xgzC3eJGY7y5fsWF+9dWgVZ
l02pY3it1RfjutABW5uuYer48oV4sbaak4DOOQ4JsrBoMWVvEJxXoeriWlaCh5QP
brKOpQPzlSFU7+r34YDzDrJXsTW8fV6vPsiTQBP85UKeTJ14IJmVlEvenRc50zeL
MXuZJZqNa2XqyB6tXxJ1LjDgFUy6BcPOJE2JjRqL9/jSVcFtxvFFzZQ8xsYaoOnG
BiDkApuzMgwIe9jq60pHA2CQTcmqZqJZSQaooS/CYCg4OMI8k/e7ULG+wWnmxZzD
49nMUa+KKwcrCYf938WBF28FvqtJv49082dLpz1oimEu539RGPi/rWMJ3R2v6m91
aSTtQh9he7mKQuXWDm9/hf6X2jiCFEprg2F0Xh2wdK0j1Ev5AVyXF83EkfymbRvN
/1XLvy3c4tENwbMlJu6S851JvSQ+YMq726KzCsQs/PwJUJo+k7oF4FUd3U4j0xxf
oE1MCk5EsMavlQmqVWqTrRcWFJlnFEgamVKBmDGJqVmu/YlahF/aFw0bnol8c+Ka
WJeJ0VYYyeoopQ==
=4RA0
-----END PGP SIGNATURE-----