[ubuntu/lucid-security] curl 7.19.7-1ubuntu1.1 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Thu Jun 23 23:04:25 UTC 2011 

curl (7.19.7-1ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: libcurl unconditional credential delegation during
    GSSAPI authentication vulnerability.
    - debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch:
      do not delegate credentials when doing GSSAPI authentication
    - CVE-2011-2192
  * SECURITY UPDATE: libcurl zlib automatic decompression callback
    data buffer overflow
    - debian/patches/libcurl-contentencoding.patch: restrict amount of
      callback data sent to an application
    - CVE-2010-0734

Date: Wed, 08 Jun 2011 16:52:01 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/curl/7.19.7-1ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Wed, 08 Jun 2011 16:52:01 -0700
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl4-openssl-dev libcurl4-gnutls-dev libcurl3-dbg
Architecture: source
Version: 7.19.7-1ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description: 
 curl       - Get a file from an HTTP, HTTPS or FTP server
 libcurl3   - Multi-protocol file transfer library (OpenSSL)
 libcurl3-dbg - libcurl compiled with debug symbols
 libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS)
 libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS)
 libcurl4-openssl-dev - Development files and documentation for libcurl (OpenSSL)
Changes: 
 curl (7.19.7-1ubuntu1.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: libcurl unconditional credential delegation during
     GSSAPI authentication vulnerability.
     - debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch:
       do not delegate credentials when doing GSSAPI authentication
     - CVE-2011-2192
   * SECURITY UPDATE: libcurl zlib automatic decompression callback
     data buffer overflow
     - debian/patches/libcurl-contentencoding.patch: restrict amount of
       callback data sent to an application
     - CVE-2010-0734
Checksums-Sha1: 
 f475c9a682f11ee4b9dc5caad04fbc8add153c2f 2153 curl_7.19.7-1ubuntu1.1.dsc
 b2e113c7ff011db13a3bdb4607963569ee65cfdd 90351 curl_7.19.7-1ubuntu1.1.diff.gz
Checksums-Sha256: 
 38875272cc44a205b213b0eeffe91a2d3a756170432e0fc3d8512b227f49795e 2153 curl_7.19.7-1ubuntu1.1.dsc
 4a1e7cbd82cc3e42949c30ebdde3c99c0a079e904a038fd7e09043c92027ec30 90351 curl_7.19.7-1ubuntu1.1.diff.gz
Files: 
 c0c30689bdc47669a343eaf4a5df8c25 2153 web optional curl_7.19.7-1ubuntu1.1.dsc
 63cda043edf91977dc1e26ffb8b42f4d 90351 web optional curl_7.19.7-1ubuntu1.1.diff.gz
Original-Maintainer: Domenico Andreoli <cavok at debian.org>

More information about the Lucid-changes mailing list