[ubuntu/disco-security] curl 7.64.0-2ubuntu1.2 (Accepted)

Alex Murray alex.murray at canonical.com
Wed Sep 11 07:02:55 UTC 2019

curl (7.64.0-2ubuntu1.2) disco-security; urgency=medium

  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

Date: 2019-09-10 13:03:14.177156+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Disco-changes mailing list