[ubuntu/trusty-proposed] curl 7.35.0-1ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Apr 1 17:14:07 UTC 2014
curl (7.35.0-1ubuntu2) trusty; urgency=medium
* SECURITY UPDATE: wrong re-use of connections
- debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
HTTP logic, and extend new connection logic to other protocols in
lib/http.c, lib/url.c, lib/urldata.h, add new tests to
tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
- CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
literal IP addresses
- debian/patches/CVE-2014-0139.patch: fix wildcard logic in
lib/hostcheck.c, added tests to tests/data/Makefile.am,
tests/data/test1397, tests/unit/Makefile.inc, tests/unit/unit1397.c.
- CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
fail.
Date: Tue, 01 Apr 2014 09:25:23 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/trusty/+source/curl/7.35.0-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Tue, 01 Apr 2014 09:25:23 -0400
Source: curl
Binary: curl curl-udeb libcurl3 libcurl3-udeb libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source
Version: 7.35.0-1ubuntu2
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
curl - command line tool for transferring data with URL syntax
curl-udeb - Get a file from an HTTP, HTTPS or FTP server (udeb)
libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl3-udeb - Multi-protocol file transfer library (OpenSSL) (udeb)
libcurl4-doc - documentation for libcurl
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
curl (7.35.0-1ubuntu2) trusty; urgency=medium
.
* SECURITY UPDATE: wrong re-use of connections
- debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
HTTP logic, and extend new connection logic to other protocols in
lib/http.c, lib/url.c, lib/urldata.h, add new tests to
tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
- CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
literal IP addresses
- debian/patches/CVE-2014-0139.patch: fix wildcard logic in
lib/hostcheck.c, added tests to tests/data/Makefile.am,
tests/data/test1397, tests/unit/Makefile.inc, tests/unit/unit1397.c.
- CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
fail.
Checksums-Sha1:
45afdb6f9ec3a0ef188275ed2c541f471a781d2b 2729 curl_7.35.0-1ubuntu2.dsc
f639380f7ed9e0a1dfd11d2b735b44f735bc6c7c 36443 curl_7.35.0-1ubuntu2.debian.tar.gz
Checksums-Sha256:
f5befcffe94267f963da4c5a78b7563ff02ad2b7b1c39a64048e75fb94b462a5 2729 curl_7.35.0-1ubuntu2.dsc
96b4883d9c57cf834d1208d39ddff78e94cd33e4ed4e8a0ff1f343b807233dfe 36443 curl_7.35.0-1ubuntu2.debian.tar.gz
Files:
81aaa4b6b196bd9e296a017d12088efe 2729 web optional curl_7.35.0-1ubuntu2.dsc
5362b0efa957ccd92711958924abb266 36443 web optional curl_7.35.0-1ubuntu2.debian.tar.gz
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>
More information about the Trusty-changes
mailing list