[ubuntu/eoan-proposed] curl 7.64.0-3ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed May 22 15:38:16 UTC 2019


curl (7.64.0-3ubuntu2) eoan; urgency=medium

  * SECURITY UPDATE: Integer overflows in curl_url_set()
    - debian/patches/CVE-2019-5435.patch: limit sizes in lib/setopt.c,
      lib/urlapi.c, lib/urldata.h, tests/data/Makefile.inc,
      tests/data/test1559, tests/libtest/Makefile.inc,
      tests/libtest/lib1559.c.
    - CVE-2019-5435
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5436.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5436

Date: Wed, 22 May 2019 09:36:43 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.64.0-3ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 May 2019 09:36:43 -0400
Source: curl
Architecture: source
Version: 7.64.0-3ubuntu2
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 curl (7.64.0-3ubuntu2) eoan; urgency=medium
 .
   * SECURITY UPDATE: Integer overflows in curl_url_set()
     - debian/patches/CVE-2019-5435.patch: limit sizes in lib/setopt.c,
       lib/urlapi.c, lib/urldata.h, tests/data/Makefile.inc,
       tests/data/test1559, tests/libtest/Makefile.inc,
       tests/libtest/lib1559.c.
     - CVE-2019-5435
   * SECURITY UPDATE: TFTP receive buffer overflow
     - debian/patches/CVE-2019-5436.patch: use the current blksize in
       lib/tftp.c.
     - CVE-2019-5436
Checksums-Sha1:
 5e032f3ea817dda0e00dd087ce176cb1b6911393 2766 curl_7.64.0-3ubuntu2.dsc
 9589a7cbc07923949c26a5ddef23aa5f51db7f5b 33776 curl_7.64.0-3ubuntu2.debian.tar.xz
 6d75ae576058cd355385067c6b5d373af243147b 8640 curl_7.64.0-3ubuntu2_source.buildinfo
Checksums-Sha256:
 6d2d72fad83d09734cdb2dde61949ba8a0700b785e49ee502a7ff48da6ce5592 2766 curl_7.64.0-3ubuntu2.dsc
 e92554e3fdd406e99f8a16bd2f3e690cc95c6e728d1c6750b6c2954fe0720050 33776 curl_7.64.0-3ubuntu2.debian.tar.xz
 a3bf386ba1d2dfb71d1d22a8e3c58f37f3d71937b8486c47d0b9b631344f2389 8640 curl_7.64.0-3ubuntu2_source.buildinfo
Files:
 d79383f7991d4233592c27c32846b5a9 2766 web optional curl_7.64.0-3ubuntu2.dsc
 39a178c0914746cc80c901b7bcf53ca6 33776 web optional curl_7.64.0-3ubuntu2.debian.tar.xz
 453028ca6c5058402caa288c4b6c2094 8640 web optional curl_7.64.0-3ubuntu2_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

