[ubuntu/mantic-proposed] curl 8.2.1-1ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Sep 13 11:55:14 UTC 2023 

curl (8.2.1-1ubuntu3) mantic; urgency=medium

  * SECURITY UPDATE: HTTP headers eat all memory
    - debian/patches/CVE-2023-38039.patch: return error when receiving too
      large header set in lib/c-hyper.c, lib/cf-h1-proxy.c, lib/http.c,
      lib/http.h, lib/pingpong.c, lib/urldata.h.
    - CVE-2023-38039

Date: Mon, 11 Sep 2023 09:05:17 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/8.2.1-1ubuntu3
-------------- next part --------------
Format: 1.8
Date: Mon, 11 Sep 2023 09:05:17 -0400
Source: curl
Built-For-Profiles: noudeb
Architecture: source
Version: 8.2.1-1ubuntu3
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 curl (8.2.1-1ubuntu3) mantic; urgency=medium
 .
   * SECURITY UPDATE: HTTP headers eat all memory
     - debian/patches/CVE-2023-38039.patch: return error when receiving too
       large header set in lib/c-hyper.c, lib/cf-h1-proxy.c, lib/http.c,
       lib/http.h, lib/pingpong.c, lib/urldata.h.
     - CVE-2023-38039
Checksums-Sha1:
 49ae8869cd4661dd28ed314a90033b1154b9d42f 3086 curl_8.2.1-1ubuntu3.dsc
 17f990d19f041e00f34108c41aa75b4b6fb19e26 49400 curl_8.2.1-1ubuntu3.debian.tar.xz
 60c86cb17afb0340beebdcb852edcf52dcbe6568 10316 curl_8.2.1-1ubuntu3_source.buildinfo
Checksums-Sha256:
 041ac4692e658d5039bd714f1ded51d5b67e606e077be640803e867de44d8b37 3086 curl_8.2.1-1ubuntu3.dsc
 6539a88d6d2a84f21c298cee6897299ad55ba01d9b32fc6fedd133439e6f4e32 49400 curl_8.2.1-1ubuntu3.debian.tar.xz
 00438f4eb5933b27c5f34a8767232508ddc6a61208671f0d42a88c79a2f6e5e3 10316 curl_8.2.1-1ubuntu3_source.buildinfo
Files:
 01b9c9a831430bbbab1e28e7de451310 3086 web optional curl_8.2.1-1ubuntu3.dsc
 66eb07b862281334a43470111eb95f63 49400 web optional curl_8.2.1-1ubuntu3.debian.tar.xz
 9d476319a645969c04903fec5cdd09cc 10316 web optional curl_8.2.1-1ubuntu3_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>

More information about the mantic-changes mailing list