[ubuntu/disco-updates] curl 7.64.0-2ubuntu1.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Sep 11 15:53:42 UTC 2019
curl (7.64.0-2ubuntu1.2) disco-security; urgency=medium
* SECURITY UPDATE: double-free when using kerberos over FTP may cause
denial-of-service
- debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
double-free on large memory allocation failures
- CVE-2019-5481
* SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
cause denial-of-service or remote code-execution
- debian/patches/CVE-2019-5482.patch: ensure to use the correct block
size when calling recvfrom() if the server returns an OACK without
specifying a block size in lib/tftp.c
- CVE-2019-5482
Date: 2019-09-10 13:03:14.177156+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/curl/7.64.0-2ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list