[ubuntu/kinetic-proposed] curl 7.84.0-2ubuntu2 (Accepted)

[Mark Esler]

curl (7.84.0-2ubuntu2) kinetic; urgency=medium

  * SECURITY UPDATE: when curl sends back cookies with control bytes a
    HTTP(S) server may return a 400 response
    - debian/patches/CVE-2022-35252.patch: adds invalid_octets function
      to lib/cookie.c to reject cookies with control bytes
    - CVE-2022-35252

Date: Wed, 31 Aug 2022 14:06:26 -0500
Changed-By: Mark Esler <mark.esler at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.84.0-2ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 31 Aug 2022 14:06:26 -0500
Source: curl
Built-For-Profiles: noudeb
Architecture: source
Version: 7.84.0-2ubuntu2
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Mark Esler <mark.esler at canonical.com>
Changes:
 curl (7.84.0-2ubuntu2) kinetic; urgency=medium
 .
   * SECURITY UPDATE: when curl sends back cookies with control bytes a
     HTTP(S) server may return a 400 response
     - debian/patches/CVE-2022-35252.patch: adds invalid_octets function
       to lib/cookie.c to reject cookies with control bytes
     - CVE-2022-35252
Checksums-Sha1:
 13a62b6f6cb3391695576b0e08f9edee20f8b3bf 2758 curl_7.84.0-2ubuntu2.dsc
 378aff3c454cd46d1b76b7c1056caafb1de4fbf0 37444 curl_7.84.0-2ubuntu2.debian.tar.xz
 fe99f24ef19bea1f680c4181a174504e81b924ca 10108 curl_7.84.0-2ubuntu2_source.buildinfo
Checksums-Sha256:
 6243358e647428cccec70b52fe66a4dcc3acfd6b3c14b42fbc99134a9ddcd936 2758 curl_7.84.0-2ubuntu2.dsc
 70827e64d99b865d123c5d26a0bc5436b55c977ef8a78b68a9dbcfeff16c9dec 37444 curl_7.84.0-2ubuntu2.debian.tar.xz
 45fca3286eddaf96eae4f105358834760ae2e0c7b363869c091fedf7f755a988 10108 curl_7.84.0-2ubuntu2_source.buildinfo
Files:
 1f686ed8f64a07be0d5f935c78d5cc3e 2758 web optional curl_7.84.0-2ubuntu2.dsc
 5c6d89f52ca2b5a2ff2769c36712295e 37444 web optional curl_7.84.0-2ubuntu2.debian.tar.xz
 a291f1a7f947ed40a30aa149c7086825 10108 web optional curl_7.84.0-2ubuntu2_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>