[ubuntu/groovy-proposed] curl 7.68.0-1ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Jun 29 14:55:13 UTC 2020


curl (7.68.0-1ubuntu3) groovy; urgency=medium

  * SECURITY UPDATE: Partial password leak over DNS on HTTP redirect
    - debian/patches/CVE-2020-8169.patch: make the updated credentials
      URL-encoded in the URL in lib/url.c, tests/data/test1168,
      tests/data/Makefile.inc.
    - CVE-2020-8169
  * SECURITY UPDATE: curl overwrite local file with -J
    - debian/patches/CVE-2020-8177.patch: -i is not OK if -J is used in
      src/tool_cb_hdr.c, src/tool_getparam.c.
    - CVE-2020-8177

Date: Mon, 29 Jun 2020 10:47:54 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 29 Jun 2020 10:47:54 -0400
Source: curl
Architecture: source
Version: 7.68.0-1ubuntu3
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 curl (7.68.0-1ubuntu3) groovy; urgency=medium
 .
   * SECURITY UPDATE: Partial password leak over DNS on HTTP redirect
     - debian/patches/CVE-2020-8169.patch: make the updated credentials
       URL-encoded in the URL in lib/url.c, tests/data/test1168,
       tests/data/Makefile.inc.
     - CVE-2020-8169
   * SECURITY UPDATE: curl overwrite local file with -J
     - debian/patches/CVE-2020-8177.patch: -i is not OK if -J is used in
       src/tool_cb_hdr.c, src/tool_getparam.c.
     - CVE-2020-8177
Checksums-Sha1:
 1b1e3758848ce84b3c4f5799de98f67fcc8f8847 2725 curl_7.68.0-1ubuntu3.dsc
 f351b3c572fe3de3ef496568d1fef91c50691f03 33420 curl_7.68.0-1ubuntu3.debian.tar.xz
 e291a684b2a8232a827b815428195989c5858034 8938 curl_7.68.0-1ubuntu3_source.buildinfo
Checksums-Sha256:
 61e9f1367a22ed8f6f2a62ce6132d2135f64ab79d7b4f4eea39c0b13eaaecbf6 2725 curl_7.68.0-1ubuntu3.dsc
 4a02ed0ad87dcdf1b9847a6ad261f78ddb6382b116f262269c3923903c4c91be 33420 curl_7.68.0-1ubuntu3.debian.tar.xz
 0aec5c94e4d408fe9b43aeacb64e2eeb569acecfd8856b6188037444577d2b6c 8938 curl_7.68.0-1ubuntu3_source.buildinfo
Files:
 867da6305d8a2237fd79aece8eefde2b 2725 web optional curl_7.68.0-1ubuntu3.dsc
 a55031acf9d790903f01e5e1cacfd4f2 33420 web optional curl_7.68.0-1ubuntu3.debian.tar.xz
 f870b3ea1b6398f46950b4455730bea0 8938 web optional curl_7.68.0-1ubuntu3_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>


