[ubuntu/vivid-proposed] curl 7.38.0-3ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Jan 15 13:30:15 UTC 2015
curl (7.38.0-3ubuntu2) vivid; urgency=medium
* SECURITY UPDATE: URL request injection
- debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
lib/url.c, added test to tests/data/Makefile.am, tests/data/test1529,
tests/libtest/Makefile.inc, tests/libtest/lib1529.c.
- CVE-2014-8150
Date: Wed, 14 Jan 2015 07:57:00 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 14 Jan 2015 07:57:00 -0500
Source: curl
Binary: curl curl-udeb libcurl3 libcurl3-udeb libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source
Version: 7.38.0-3ubuntu2
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
curl - command line tool for transferring data with URL syntax
curl-udeb - Get a file from an HTTP, HTTPS or FTP server (udeb)
libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl3-udeb - Multi-protocol file transfer library (OpenSSL) (udeb)
libcurl4-doc - documentation for libcurl
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
curl (7.38.0-3ubuntu2) vivid; urgency=medium
.
* SECURITY UPDATE: URL request injection
- debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
lib/url.c, added test to tests/data/Makefile.am, tests/data/test1529,
tests/libtest/Makefile.inc, tests/libtest/lib1529.c.
- CVE-2014-8150
Checksums-Sha1:
555bfb5aa4a0ca561c09112dfd193cf51b0eab06 2841 curl_7.38.0-3ubuntu2.dsc
e39270218273eab2674f298adcf9ec05576fa3b6 33228 curl_7.38.0-3ubuntu2.debian.tar.xz
Checksums-Sha256:
aabbf1d273ad39f30fa39bb5094ee88ea0a851414d7ff2bbf6e57bd9c9def0cc 2841 curl_7.38.0-3ubuntu2.dsc
d3121276d80a36caabd5b1a8078dd70fe9f852a7527d72537c7af756ea8c650d 33228 curl_7.38.0-3ubuntu2.debian.tar.xz
Files:
b904e2b9bcda6ad738ff6490d0d5e4f6 2841 web optional curl_7.38.0-3ubuntu2.dsc
c29aeee0993c91e6ba1e3536e8fc8b46 33228 web optional curl_7.38.0-3ubuntu2.debian.tar.xz
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUt8BrAAoJEGVp2FWnRL6TwxAP/AkHYrO2dADU/P7z2bHsuFg5
alh5b/oT2i9t7KzuK1MFeX0mjByleql7iDzS7OSrSXkroLGOH/BTXKz9C7FiqKK+
RwriqqMmjBefJ3OyL1+pCSKQrSrbO5/8JzfLs6vYx++Ks6Wj7G3uOrqA7TAZ3POx
mb5UdiwvyehhPXpBzcF//X2cUyZ47YVfoG/6P5onRQAw20YbvQSFcsSU1SElze9G
n9K3dNDH2AxEGxlzP4LtfIFBRt5Zf+cUEAnrog2dHVVdlgJ1Wi5gzWz5om60j4BA
EWRoLEV140mq5BFbGLqsLV/5ztF8UePGbK/QYtKQDsnt9f5Z2QwNk465/2c1+y8z
8F+mkUi/sMz2DM4tBWRM/bqtoggkja6g8/aE6938/T4dZvkoGmgaiUpVycntiReR
o0QAAHvixaG+sGJBFloh/n6rto9sqGRX9zb8zFTJvoJRug/IiOfLRCWXBkieFeNH
w4u3di+K9lyHXsTowrlQYC1NOc8/3m/ZVkSQxT2MAV3MzeB9hDVRWi1s/JoIv49h
FR8zEg0mLdR8yK4OJdUW9mE+z1v/sg3eaaWMWAWhrIAXxn8sDkp7y+vcncSPLI/b
VrI36cH6Wr+AeGgOO0VmN1+RX36R+KLKaswwslwis9L4Z3maRmm9vNfoXgVHXo6J
n3+SmMVb9w64MfTWLBQa
=Kabq
-----END PGP SIGNATURE-----
More information about the Vivid-changes
mailing list