[ubuntu/hirsute-proposed] curl 7.72.0-1ubuntu1 (Accepted)

Lukas Märdian lukas.maerdian at canonical.com
Mon Nov 9 12:00:14 UTC 2020 

curl (7.72.0-1ubuntu1) hirsute; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - debian/control: build with libssh instead of libssh2
  * Drop d/p/CVE-2020-8169.patch and d/p/CVE-2020-8177.patch
    - Both are fixed upstream >= 7.72
  * Drop d/p/git_tls13_gnutls.patch: Ensure TLS 1.3 works with GnuTLS
    - Included upstream, as of d59090831892210c2b0d38e92b492d6b36a3c70c

curl (7.72.0-1) unstable; urgency=medium

  * New upstream release
    + Fix partial password leak over DNS on HTTP redirect as per CVE-2020-8169
      (Closes: #965280)
      https://curl.haxx.se/docs/CVE-2020-8169.html
    + Fix local file overwrite with -J option as per CVE-2020-8177
      (Closes: #965281)
      https://curl.haxx.se/docs/CVE-2020-8177.html
    + Fix wrong connect-only connection as per CVE-2020-8231 (Closes: #968831)
      https://curl.haxx.se/docs/CVE-2020-8231.html
  * Refresh patches
  * Do not install *.la files.
    Thanks to Pino Toscano for the patch. (Closes: #955785)
  * Update list of doc files
  * Update copyright for polarssl -> mbedtls rename
  * Use python3 executable in tests

Date: Mon, 09 Nov 2020 12:08:49 +0100
Changed-By: Lukas Märdian <lukas.maerdian at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Matthias Klose <doko at ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.72.0-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 09 Nov 2020 12:08:49 +0100
Source: curl
Architecture: source
Version: 7.72.0-1ubuntu1
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lukas Märdian <lukas.maerdian at canonical.com>
Closes: 955785 965280 965281 968831
Changes:
 curl (7.72.0-1ubuntu1) hirsute; urgency=medium
 .
   * Merge from Debian unstable.  Remaining changes:
     - debian/control: build with libssh instead of libssh2
   * Drop d/p/CVE-2020-8169.patch and d/p/CVE-2020-8177.patch
     - Both are fixed upstream >= 7.72
   * Drop d/p/git_tls13_gnutls.patch: Ensure TLS 1.3 works with GnuTLS
     - Included upstream, as of d59090831892210c2b0d38e92b492d6b36a3c70c
 .
 curl (7.72.0-1) unstable; urgency=medium
 .
   * New upstream release
     + Fix partial password leak over DNS on HTTP redirect as per CVE-2020-8169
       (Closes: #965280)
       https://curl.haxx.se/docs/CVE-2020-8169.html
     + Fix local file overwrite with -J option as per CVE-2020-8177
       (Closes: #965281)
       https://curl.haxx.se/docs/CVE-2020-8177.html
     + Fix wrong connect-only connection as per CVE-2020-8231 (Closes: #968831)
       https://curl.haxx.se/docs/CVE-2020-8231.html
   * Refresh patches
   * Do not install *.la files.
     Thanks to Pino Toscano for the patch. (Closes: #955785)
   * Update list of doc files
   * Update copyright for polarssl -> mbedtls rename
   * Use python3 executable in tests
Checksums-Sha1:
 35e60c6fd43e6adbecc7ac9346a7aa832b74417d 2768 curl_7.72.0-1ubuntu1.dsc
 735352fc82f7ebeeaaba2b584e564c78642d3dac 4051784 curl_7.72.0.orig.tar.gz
 11a1c36f8fbb751569fb081a31471c06685d1d31 30984 curl_7.72.0-1ubuntu1.debian.tar.xz
 e354c08fa562b921b47c58f10fef7d1f774fa063 7970 curl_7.72.0-1ubuntu1_source.buildinfo
Checksums-Sha256:
 2a0831b140feff50cadd1ee8328b73cde72de51c3941d701eb443c2913657831 2768 curl_7.72.0-1ubuntu1.dsc
 d4d5899a3868fbb6ae1856c3e55a32ce35913de3956d1973caccd37bd0174fa2 4051784 curl_7.72.0.orig.tar.gz
 573f60b029e653ba4e9dd0c54efc9019cebf0813bd9a268f6098f32c2c9e70c9 30984 curl_7.72.0-1ubuntu1.debian.tar.xz
 3fb474cbaa470e7bd2233d37eab79599a998d2cd5ed2e1f1b51a7bd16e9e00ef 7970 curl_7.72.0-1ubuntu1_source.buildinfo
Files:
 960ae3524129985fc32e32ec7828d9fd 2768 web optional curl_7.72.0-1ubuntu1.dsc
 7422feb126df677d2d33294a1fd079ea 4051784 web optional curl_7.72.0.orig.tar.gz
 cb8b15ebbb3c9a33ea6775b41fb32c5d 30984 web optional curl_7.72.0-1ubuntu1.debian.tar.xz
 8805b6b10bd0744d32ea55e70b69ec40 7970 web optional curl_7.72.0-1ubuntu1_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAl+pLycQHGRva29AZGVi
aWFuLm9yZwAKCRC9fqpgd4+m9dUwEADHdgr5jPgtzeyuG5AHdaemuBkj341jxTWp
fpvlcGeu4bcPQgaQkKGhjd2X8CfSXRzaXAHbolxh/MBTZfqN61TSxpFiqWw5x8tj
/jzYAE8NTVzNvMPxeVM+GvU+/qYffD7+OgBKT+HKF5VCtOzvwR3klkokPOR0SntD
SeYndtmwtNETgfK46CAVbiRMOMBQrFM6r5TEtXG75wnIEYckKcl1Z4rJi6GvfItH
/QBbVKjVlo2pIoBDjiukjQNtYAF2p5v4Qm+zn8EFuxUz50yqaPGJm5j7PKoXfrVy
ue6KZy0Yy63bxScxp4Ouk3NF2163XrCrhyS5CUsByC7NIPVFgFyUDBVpFKHixf+v
mSAMHQ4gduC03zO7M/hIh1PJtuLsV96V6mGyY78Br9pFWnJk2jQCU/yMnRUSJLUw
fXwTXmseh+j5QE9lfdKiaZ5zkJmyaNQ5uSTwCETowdIJwnB08zOrQwD/dkfP0ArF
v25UDDW1nnewoXhmKtC7WvWaRhuwSfy89RS2us/FLKjSYcsQkEh2lA9XAn1fjUh5
L9aKXfV1llCfo/eJlGfPyu/s5Esu1tGg+Wmt7uAi58WOeQylDeivEDVbH6SpJdXx
w8wvCHx9iWDnwuCs2c3PzLPOk7FDfGCbQyB/pkjYn+QPaQ8sR3MEXTYvddLY+YW6
hr51amXBQA==
=wyJT
-----END PGP SIGNATURE-----

More information about the Hirsute-changes mailing list