[ubuntu/bionic-security] curl 7.58.0-2ubuntu3.8 (Accepted)
Alex Murray
alex.murray at canonical.com
Wed Sep 11 07:02:54 UTC 2019
curl (7.58.0-2ubuntu3.8) bionic-security; urgency=medium
* SECURITY UPDATE: double-free when using kerberos over FTP may cause
denial-of-service
- debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
double-free on large memory allocation failures
- CVE-2019-5481
* SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
cause denial-of-service or remote code-execution
- debian/patches/CVE-2019-5482.patch: ensure to use the correct block
size when calling recvfrom() if the server returns an OACK without
specifying a block size in lib/tftp.c
- CVE-2019-5482
Date: 2019-09-10 13:03:18.377524+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.8
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list