[ubuntu/hardy-security] curl 7.18.0-1ubuntu2.3 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu Jun 23 23:04:36 UTC 2011
curl (7.18.0-1ubuntu2.3) hardy-security; urgency=low

  * SECURITY UPDATE: libcurl unconditional credential delegation during
    GSSAPI authentication vulnerability.
    - debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch:
      do not delegate credentials when doing GSSAPI authentication
    - CVE-2011-2192
  * SECURITY UPDATE: libcurl zlib automatic decompression callback
    data buffer overflow
    - debian/patches/libcurl-contentencoding.patch: restrict amount of
      callback data sent to an application
    - CVE-2010-0734
  * SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
    - debian/patches/series: adjust patch ordering so that
      debian/patches/cert-null-cn gets applied at build time
    - CVE-2009-2417

Date: Wed, 08 Jun 2011 16:51:02 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/curl/7.18.0-1ubuntu2.3
-------------- next part --------------
Format: 1.7
Date: Wed, 08 Jun 2011 16:51:02 -0700
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl4-openssl-dev libcurl4-gnutls-dev libcurl3-dbg
Architecture: source
Version: 7.18.0-1ubuntu2.3
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
 curl - Get a file from an HTTP, HTTPS or FTP server
 libcurl3 - Multi-protocol file transfer library (OpenSSL)
 libcurl3-dbg - libcurl compiled with debug symbols
 libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS)
 libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS)
 libcurl4-openssl-dev - Development files and documentation for libcurl (OpenSSL)
Changes:
 curl (7.18.0-1ubuntu2.3) hardy-security; urgency=low
 .
   * SECURITY UPDATE: libcurl unconditional credential delegation during
     GSSAPI authentication vulnerability.
     - debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch:
       do not delegate credentials when doing GSSAPI authentication
     - CVE-2011-2192
   * SECURITY UPDATE: libcurl zlib automatic decompression callback
     data buffer overflow
     - debian/patches/libcurl-contentencoding.patch: restrict amount of
       callback data sent to an application
     - CVE-2010-0734
   * SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
     - debian/patches/series: adjust patch ordering so that
       debian/patches/cert-null-cn gets applied at build time
     - CVE-2009-2417
Files:
 f4c2e0ce1bdc60a06f142254fd0c6714 1737 web optional curl_7.18.0-1ubuntu2.3.dsc
 63e0f92fddd63372c131f67dd35b151f 25218 web optional curl_7.18.0-1ubuntu2.3.diff.gz
Original-Maintainer: Domenico Andreoli <cavok at debian.org>