[ubuntu/disco-proposed] curl 7.64.0-1ubuntu1 (Accepted)
Sebastien Bacher
seb128 at ubuntu.com
Thu Feb 14 15:52:13 UTC 2019
curl (7.64.0-1ubuntu1) disco; urgency=medium
* Resynchronize with Debian, remaining change
* debian/control, debian/rules:
- build with libssh instead of libssh2, that's a better maintained
library and it's in Ubuntu main (lp: #311029)
curl (7.64.0-1) unstable; urgency=medium
* New upstream release
+ Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
https://curl.haxx.se/docs/CVE-2018-16890.html
+ Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
https://curl.haxx.se/docs/CVE-2019-3822.html
+ Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
https://curl.haxx.se/docs/CVE-2019-3823.html
+ Fix HTTP negotiation with POST requests (Closes: #920267)
Date: Thu, 14 Feb 2019 16:49:23 +0100
Changed-By: Sebastien Bacher <seb128 at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.64.0-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 14 Feb 2019 16:49:23 +0100
Source: curl
Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc
Architecture: source
Version: 7.64.0-1ubuntu1
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Sebastien Bacher <seb128 at ubuntu.com>
Description:
curl - command line tool for transferring data with URL syntax
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl4-doc - documentation for libcurl
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 920267
Launchpad-Bugs-Fixed: 311029
Changes:
curl (7.64.0-1ubuntu1) disco; urgency=medium
.
* Resynchronize with Debian, remaining change
* debian/control, debian/rules:
- build with libssh instead of libssh2, that's a better maintained
library and it's in Ubuntu main (lp: #311029)
.
curl (7.64.0-1) unstable; urgency=medium
.
* New upstream release
+ Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
https://curl.haxx.se/docs/CVE-2018-16890.html
+ Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
https://curl.haxx.se/docs/CVE-2019-3822.html
+ Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
https://curl.haxx.se/docs/CVE-2019-3823.html
+ Fix HTTP negotiation with POST requests (Closes: #920267)
Checksums-Sha1:
3686e43a0024d999e59f779dc16947161f77496e 2112 curl_7.64.0-1ubuntu1.dsc
5911d4400e988ae52368f2266a5f84378983dbde 4032645 curl_7.64.0.orig.tar.gz
f12842670ab074df40f4e1c240fc2e9bd4d64682 29244 curl_7.64.0-1ubuntu1.debian.tar.xz
Checksums-Sha256:
70d697f23fda6e5039b46358918fa2412b70419a0aa1ee73ac64f1483cdd5c25 2112 curl_7.64.0-1ubuntu1.dsc
cb90d2eb74d4e358c1ed1489f8e3af96b50ea4374ad71f143fa4595e998d81b5 4032645 curl_7.64.0.orig.tar.gz
bd6c4dce3756cc2fc9085f7d3ada8f0db1be9f96435c4d3d9e1efac20639a456 29244 curl_7.64.0-1ubuntu1.debian.tar.xz
Files:
beed75837e7a49baaf785b2ef286204f 2112 web optional curl_7.64.0-1ubuntu1.dsc
a026740d599a32bcbbe6e70679397899 4032645 web optional curl_7.64.0.orig.tar.gz
e4c62c1e2b9d60639d62433d1337e41c 29244 web optional curl_7.64.0-1ubuntu1.debian.tar.xz
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlxljnYACgkQQxo87aLX0pLjhgCfeCcTCx6IrphdDrw4JGHhPZ33
D3sAnAxICcMFp87aF1MCuzM/0PKWgVsm
=Ez7Q
-----END PGP SIGNATURE-----
More information about the Disco-changes
mailing list