[ubuntu/lunar-proposed] curl 7.88.1-6ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Mar 20 16:34:15 UTC 2023

curl (7.88.1-6ubuntu2) lunar; urgency=medium

  * SECURITY UPDATE: TELNET option IAC injection
    - debian/patches/CVE-2023-27533.patch: only accept option arguments in
      ascii in lib/telnet.c.
    - CVE-2023-27533
  * SECURITY UPDATE: SFTP path ~ resolving discrepancy
    - debian/patches/CVE-2023-27534.patch: create the new path with dynbuf
      in lib/curl_path.c.
    - CVE-2023-27534
  * SECURITY UPDATE: FTP too eager connection reuse
    - debian/patches/CVE-2023-27535.patch: add more conditions for
      connection reuse in lib/ftp.c, lib/ftp.h, lib/url.c, lib/urldata.h.
    - CVE-2023-27535
  * SECURITY UPDATE: GSS delegation too eager connection re-use
    - debian/patches/CVE-2023-27536.patch: only reuse connections with same
      GSS delegation in lib/url.c, lib/urldata.h.
    - CVE-2023-27536
  * SECURITY UPDATE: HSTS double-free
    - debian/patches/CVE-2023-27537.patch: clarify documentation in
      docs/libcurl/opts/CURLSHOPT_SHARE.3.
    - CVE-2023-27537
  * SECURITY UPDATE: SSH connection too eager reuse still
    - debian/patches/CVE-2023-27538.patch: fix the SSH connection reuse
      check in lib/url.c.
    - CVE-2023-27538

Date: Mon, 20 Mar 2023 10:27:46 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.88.1-6ubuntu2
-------------- next part --------------
Format: 1.8
Date: Mon, 20 Mar 2023 10:27:46 -0400
Source: curl
Built-For-Profiles: noudeb
Architecture: source
Version: 7.88.1-6ubuntu2
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 curl (7.88.1-6ubuntu2) lunar; urgency=medium
 .
   * SECURITY UPDATE: TELNET option IAC injection
     - debian/patches/CVE-2023-27533.patch: only accept option arguments in
       ascii in lib/telnet.c.
     - CVE-2023-27533
   * SECURITY UPDATE: SFTP path ~ resolving discrepancy
     - debian/patches/CVE-2023-27534.patch: create the new path with dynbuf
       in lib/curl_path.c.
     - CVE-2023-27534
   * SECURITY UPDATE: FTP too eager connection reuse
     - debian/patches/CVE-2023-27535.patch: add more conditions for
       connection reuse in lib/ftp.c, lib/ftp.h, lib/url.c, lib/urldata.h.
     - CVE-2023-27535
   * SECURITY UPDATE: GSS delegation too eager connection re-use
     - debian/patches/CVE-2023-27536.patch: only reuse connections with same
       GSS delegation in lib/url.c, lib/urldata.h.
     - CVE-2023-27536
   * SECURITY UPDATE: HSTS double-free
     - debian/patches/CVE-2023-27537.patch: clarify documentation in
       docs/libcurl/opts/CURLSHOPT_SHARE.3.
     - CVE-2023-27537
   * SECURITY UPDATE: SSH connection too eager reuse still
     - debian/patches/CVE-2023-27538.patch: fix the SSH connection reuse
       check in lib/url.c.
     - CVE-2023-27538
Checksums-Sha1:
ae519632f61c6ece347832790a60a21e071350f4 3219 curl_7.88.1-6ubuntu2.dsc
718bf3494c5adfd12636622f5841b544a8922622 45772 curl_7.88.1-6ubuntu2.debian.tar.xz
ca1a74eeb5a3819cb20aef805199f21d95f9c648 10252 curl_7.88.1-6ubuntu2_source.buildinfo
Checksums-Sha256:
58fefb6b14115e013c7a0a47b68d3c127c41bfef4a40c50605d909b060500865 3219 curl_7.88.1-6ubuntu2.dsc
d54f9d3dc48d26a16547252692527ff0e800f17afa602d8ce3e113d4576e7392 45772 curl_7.88.1-6ubuntu2.debian.tar.xz
e63a1f1569f5466cf11e12f6ba188b58dda7cbd08c93dff9c194a58cbea0e7d5 10252 curl_7.88.1-6ubuntu2_source.buildinfo
Files:
7cf4051ccc33d41ad354be0d9fcd33a3 3219 web optional curl_7.88.1-6ubuntu2.dsc
3d9082b0fae9caf8c38cd485796effee 45772 web optional curl_7.88.1-6ubuntu2.debian.tar.xz
ba89887c1a02c7fe2b9a7793b3f73004 10252 web optional curl_7.88.1-6ubuntu2_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>