[ubuntu/eoan-proposed] curl 7.64.0-4ubuntu1 (Accepted)
Steve Langasek
steve.langasek at ubuntu.com
Thu Jun 20 06:08:15 UTC 2019
curl (7.64.0-4ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/control, debian/rules: build with libssh instead of libssh2.
* Dropped changes, included in Debian:
- SECURITY UPDATE: Integer overflows in curl_url_set()
- SECURITY UPDATE: TFTP receive buffer overflow
curl (7.64.0-4) unstable; urgency=medium
* Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
https://curl.haxx.se/docs/CVE-2019-5436.html
* Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: #929352)
https://curl.haxx.se/docs/CVE-2019-5435.html
Date: Wed, 19 Jun 2019 22:50:09 -0700
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.64.0-4ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 19 Jun 2019 22:50:09 -0700
Source: curl
Architecture: source
Version: 7.64.0-4ubuntu1
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Closes: 929351 929352
Changes:
curl (7.64.0-4ubuntu1) eoan; urgency=low
.
* Merge from Debian unstable. Remaining changes:
- debian/control, debian/rules: build with libssh instead of libssh2.
* Dropped changes, included in Debian:
- SECURITY UPDATE: Integer overflows in curl_url_set()
- SECURITY UPDATE: TFTP receive buffer overflow
.
curl (7.64.0-4) unstable; urgency=medium
.
* Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
https://curl.haxx.se/docs/CVE-2019-5436.html
* Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: #929352)
https://curl.haxx.se/docs/CVE-2019-5435.html
Checksums-Sha1:
190b301e697e5d078f7795e07062e91189acf2c0 2803 curl_7.64.0-4ubuntu1.dsc
0bfc7892437bd6c7b606494acb75201845123a2b 33724 curl_7.64.0-4ubuntu1.debian.tar.xz
6651eb5871fcd2e9ff95588d8dc8c558401a68b4 7732 curl_7.64.0-4ubuntu1_source.buildinfo
Checksums-Sha256:
5b844b30fd3be441c521a1c68ee4441b098387b70ac7b6f685802c8c0091fff4 2803 curl_7.64.0-4ubuntu1.dsc
0e6533068b756aa411140d98df17cfb8a58f8b3cd8890749f85c511768d30a52 33724 curl_7.64.0-4ubuntu1.debian.tar.xz
2ad0e1019896c1740555f72fdad458b2b6561ab3b73fe0fd329dc10e88fda151 7732 curl_7.64.0-4ubuntu1_source.buildinfo
Files:
9cc460b5beb918ecc69996f57e52d6ac 2803 web optional curl_7.64.0-4ubuntu1.dsc
d3e8db55ee3cc9643d22f3d861f7711d 33724 web optional curl_7.64.0-4ubuntu1.debian.tar.xz
a342fedf66ed881955b9ff6ac1377815 7732 web optional curl_7.64.0-4ubuntu1_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>
-----BEGIN PGP SIGNATURE-----
iQJOBAEBCgA4FiEErEg/aN5yj0PyIC/KVo0w8yGyEz0FAl0LH6IaHHN0ZXZlLmxh
bmdhc2VrQHVidW50dS5jb20ACgkQVo0w8yGyEz0svg/+OgrFxcsNkQaBpfqvYaMw
FkJEcwlEdsFkpZzdutN8kFSrRdFcqtQtjfQpnu2wq8bJmE1pRHhR/dSgPlECUQtg
dIjQFbi10MqmZ5ehcK025buryVZvua3TUEeY+7kcraHs9Ft9OaA2ORBmNFreJRpY
xJxKb/V+piOAlKJJ0N/kIG+BmVSE/QTHoz/HOa76KrieLk3NNYqRuh7SpW/s3lEe
W8J2PrBuuz9U0EOd8YGf8YZU4ZcMgKxH2rBXnatuKzXHTqjJpksKMDJ+gY3fMEDH
OT6DEHGwEt46H8Awj3tkUvO51/TzgXpWk+stpDFVu1l+NOZjCNIK68gI967ldqMX
Cuu70y2Y2JD2+yJP8QgTVTvcx78aeldq8MrCSaS3XDQI+9Z8ptjERQY+hoCInxL3
h29Q+CR3waoa7WaNA/LuFkcd4KGAgfg5qEVXX+LgJ/FCOk00qNwv0Tt/W0KY3mPP
QITQ+KG86dU4PHiHNqZ8lDfUAMQYNdXxgWG2587ezLgng5jjv4HLVane7D4TXkDW
dJyuBliubbc/+wSxWo6GAEy8jdUU72mQSb0W4Ab6P22ncMq5tIkT+HA07bsmFb9X
TeYGaxBB/Bgwuz5BKK2DSbnEgNnY+in+QslGd83IPzTjp4+srrirVJ1Hx+ApVGkG
ZW7VAu2Cgid+V0AmQqBh9zs=
=4AaV
-----END PGP SIGNATURE-----
More information about the Eoan-changes
mailing list