[ubuntu/bionic-proposed] curl 7.58.0-2ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Mar 15 14:54:20 UTC 2018


curl (7.58.0-2ubuntu3) bionic; urgency=medium

  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

Date: Thu, 15 Mar 2018 08:20:41 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 15 Mar 2018 08:20:41 -0400
Source: curl
Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc
Architecture: source
Version: 7.58.0-2ubuntu3
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.58.0-2ubuntu3) bionic; urgency=medium
 .
   * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
     - debian/patches/CVE-2018-1000120.patch: reject path components with
       control codes in lib/ftp.c, add test to tests/*.
     - CVE-2018-1000120
   * SECURITY UPDATE: LDAP NULL pointer dereference
     - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
       results for NULL before using in lib/openldap.c.
     - CVE-2018-1000121
   * SECURITY UPDATE: RTSP RTP buffer over-read
     - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
       go beyond buffer end in lib/transfer.c.
     - CVE-2018-1000122
Checksums-Sha1:
 837bd990efae174bb5cb3ed4f413cf5f05c0b92e 2737 curl_7.58.0-2ubuntu3.dsc
 19bd9d21f1d559dbda65770b44793364c22b53a0 34212 curl_7.58.0-2ubuntu3.debian.tar.xz
 336174c882f7f68b6377e6a91eab496449a40e85 9038 curl_7.58.0-2ubuntu3_source.buildinfo
Checksums-Sha256:
 6a8b36b254f9df77844b7c0267a71a9f0c3beb0085d5591b85bd0a4330cf13d7 2737 curl_7.58.0-2ubuntu3.dsc
 4b311793187c67c7440f6247a840bf00122b69358c3dfa6dd3f7efc137cbe1ab 34212 curl_7.58.0-2ubuntu3.debian.tar.xz
 afc0eaa71818d7bbb2d86ee8c03f74f91dbd7a8c6c37c5a5c726d1f9fcbe64b4 9038 curl_7.58.0-2ubuntu3_source.buildinfo
Files:
 87a5a65cf3e4e5923013af35d4e46a7d 2737 web optional curl_7.58.0-2ubuntu3.dsc
 be3b1baee9a0efe23ee7331a00de2211 34212 web optional curl_7.58.0-2ubuntu3.debian.tar.xz
 3e351ad59cb78d38c8cc6120a97f73d6 9038 web optional curl_7.58.0-2ubuntu3_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>
