[ubuntu/lucid-security] curl 7.19.7-1ubuntu1.1 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu Jun 23 23:04:25 UTC 2011
curl (7.19.7-1ubuntu1.1) lucid-security; urgency=low
* SECURITY UPDATE: libcurl unconditional credential delegation during
GSSAPI authentication vulnerability.
- debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch:
do not delegate credentials when doing GSSAPI authentication
- CVE-2011-2192
* SECURITY UPDATE: libcurl zlib automatic decompression callback
data buffer overflow
- debian/patches/libcurl-contentencoding.patch: restrict amount of
callback data sent to an application
- CVE-2010-0734
Date: Wed, 08 Jun 2011 16:52:01 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/curl/7.19.7-1ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Wed, 08 Jun 2011 16:52:01 -0700
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl4-openssl-dev libcurl4-gnutls-dev libcurl3-dbg
Architecture: source
Version: 7.19.7-1ubuntu1.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
curl - Get a file from an HTTP, HTTPS or FTP server
libcurl3 - Multi-protocol file transfer library (OpenSSL)
libcurl3-dbg - libcurl compiled with debug symbols
libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS)
libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS)
libcurl4-openssl-dev - Development files and documentation for libcurl (OpenSSL)
Changes:
curl (7.19.7-1ubuntu1.1) lucid-security; urgency=low
.
* SECURITY UPDATE: libcurl unconditional credential delegation during
GSSAPI authentication vulnerability.
- debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch:
do not delegate credentials when doing GSSAPI authentication
- CVE-2011-2192
* SECURITY UPDATE: libcurl zlib automatic decompression callback
data buffer overflow
- debian/patches/libcurl-contentencoding.patch: restrict amount of
callback data sent to an application
- CVE-2010-0734
Checksums-Sha1:
f475c9a682f11ee4b9dc5caad04fbc8add153c2f 2153 curl_7.19.7-1ubuntu1.1.dsc
b2e113c7ff011db13a3bdb4607963569ee65cfdd 90351 curl_7.19.7-1ubuntu1.1.diff.gz
Checksums-Sha256:
38875272cc44a205b213b0eeffe91a2d3a756170432e0fc3d8512b227f49795e 2153 curl_7.19.7-1ubuntu1.1.dsc
4a1e7cbd82cc3e42949c30ebdde3c99c0a079e904a038fd7e09043c92027ec30 90351 curl_7.19.7-1ubuntu1.1.diff.gz
Files:
c0c30689bdc47669a343eaf4a5df8c25 2153 web optional curl_7.19.7-1ubuntu1.1.dsc
63cda043edf91977dc1e26ffb8b42f4d 90351 web optional curl_7.19.7-1ubuntu1.1.diff.gz
Original-Maintainer: Domenico Andreoli <cavok at debian.org>
More information about the Lucid-changes
mailing list