[ubuntu/eoan-proposed] curl 7.65.3-1ubuntu3 (Accepted)
Alex Murray
alex.murray at canonical.com
Wed Sep 11 12:12:13 UTC 2019
curl (7.65.3-1ubuntu3) eoan; urgency=medium

  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

Date: Fri, 06 Sep 2019 14:52:01 +0930
Changed-By: Alex Murray <alex.murray at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.65.3-1ubuntu3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 Sep 2019 14:52:01 +0930
Source: curl
Architecture: source
Version: 7.65.3-1ubuntu3
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Alex Murray <alex.murray at canonical.com>
Changes:
curl (7.65.3-1ubuntu3) eoan; urgency=medium
.
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482
Checksums-Sha1:
277a71bf3d6c5ae77a975718f03ad300a621b991 2709 curl_7.65.3-1ubuntu3.dsc
ed91dbd70c0926ff97243b47068d454af7d4fe9b 30764 curl_7.65.3-1ubuntu3.debian.tar.xz
dec84d260d0132733c9cd4b213edee895fc45633 8699 curl_7.65.3-1ubuntu3_source.buildinfo
Checksums-Sha256:
cb62f24f9cda19bdcb719e5edcf92f64a6ed2b2fbe706b75585eeeb6fbfa6968 2709 curl_7.65.3-1ubuntu3.dsc
4cc76896389aeda3f4a7d27edcc526cd9c944cd42c7d14fd7f95dd21973cf827 30764 curl_7.65.3-1ubuntu3.debian.tar.xz
b329d3d391506225c8c9132663922176f13f28041dddfc62b50af45bdb557f23 8699 curl_7.65.3-1ubuntu3_source.buildinfo
Files:
6f2441471103bbff62de186db469ffb8 2709 web optional curl_7.65.3-1ubuntu3.dsc
0e9747d07e70ab8dce7db59630ee5c4c 30764 web optional curl_7.65.3-1ubuntu3.debian.tar.xz
f59808c0d2e7145a0d9da40a125628b5 8699 web optional curl_7.65.3-1ubuntu3_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>