Accepted curl 7.12.3-2ubuntu1 (source)
Martin Pitt
martin.pitt at ubuntu.com
Mon Feb 28 04:15:03 CST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 28 Feb 2005 11:06:25 +0100
Source: curl
Binary: libcurl3-dbg libcurl2-dev libcurl3 libcurl3-dev libcurl3-gssapi libcurl2 curl
Architecture: source
Version: 7.12.3-2ubuntu1
Distribution: hoary
Urgency: low
Maintainer: Domenico Andreoli <cavok at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
curl - Get a file from an HTTP, HTTPS, FTP or GOPHER server
libcurl2 - Multi-protocol file transfer library, now with SSL support!
libcurl2-dev - Development files and documentation for libcurl
libcurl3 - Multi-protocol file transfer library, now with SSL support!
libcurl3-dbg - libcurl compiled with debug symbols
libcurl3-dev - Development files and documentation for libcurl
libcurl3-gssapi - libcurl compiled with GSSAPI support
Changes:
curl (7.12.3-2ubuntu1) hoary; urgency=low
.
* SECURITY UPDATE: Fix remote buffer overflow.
* lib/http_ntlm.c, Curl_input_ntlm(): Replace static 1024 byte "buffer" with
a dynamically allocated one to avoid overflows by malicious long NTLM
payloads.
* References:
CAN-2005-0490
http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities
* Note: Kerberos 4 is disabled, so we are not vulnerable against
http://www.idefense.com/application/poi/display?id=203&type=vulnerabilities
Files:
04ef8a04226b79ca7a0d5deef7888d19 837 web optional curl_7.12.3-2ubuntu1.dsc
b3ffeb73fc74c987d0d7e5c3a2f0a58d 1261078 web optional curl_7.12.3-2ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCIu1HDecnbV4Fd/IRAqgvAKDGjb3EEaPX7epR0LjLqCejXpSQmQCfeFDN
LqiCYsyDSAHi6HJXhfYQ/Ac=
=Da1D
-----END PGP SIGNATURE-----
Accepted:
curl_7.12.3-2ubuntu1.diff.gz
to pool/main/c/curl/curl_7.12.3-2ubuntu1.diff.gz
curl_7.12.3-2ubuntu1.dsc
to pool/main/c/curl/curl_7.12.3-2ubuntu1.dsc
More information about the hoary-changes
mailing list