[ubuntu/wily-proposed] curl 7.42.1-2ubuntu1 (Accepted)
Gianfranco Costamagna
costamagnagianfranco at yahoo.it
Mon Jun 8 09:36:14 UTC 2015
curl (7.42.1-2ubuntu1) wily; urgency=low

  * Merge from Debian (LP: #1459685). Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop stunnel4 and libssh2-1-dev.
      + Drop libssh2-1-dev from binary package Depends.
  * Dropped patches:
    - debian/patches/CVE-2015-3143.patch: upstream
    - debian/patches/CVE-2015-3148.patch: upstream
    - debian/patches/CVE-2015-3144.patch: upstream
    - debian/patches/CVE-2015-3153.patch: upstream
    - debian/patches/CVE-2014-8150.patch: upstream
    - debian/patches/CVE-2015-3145.patch: upstream
  * Dropped the added udeb packages. They were empty since trusty and were
    originally added for LP: #831496, this change is likely not needed any
    more.

curl (7.42.1-2) unstable; urgency=medium

  * Switch curl binary to libcurl3-gnutls (Closes: #342719)
    This is the first step of a possible migration to a GnuTLS-only
    libcurl for Debian. Let's see how it goes.

curl (7.42.1-1) unstable; urgency=high

  * New upstream release
    - Don't send sensitive HTTP server headers to proxies as per
      CVE-2015-3153
      http://curl.haxx.se/docs/adv_20150429.html
  * Drop 08_fix-spelling.patch (merged upstream)
  * Refresh patches

curl (7.42.0-1) unstable; urgency=medium

  * New upstream release
    - Fix re-using authenticated connection when unauthenticated
      as per CVE-2015-3143
      http://curl.haxx.se/docs/adv_20150422A.html
    - Fix host name out of boundary memory access as per CVE-2015-3144
      http://curl.haxx.se/docs/adv_20150422D.html
    - Fix cookie parser out of boundary memory access as per CVE-2015-3145
      http://curl.haxx.se/docs/adv_20150422C.html
    - Fix Negotiate not treated as connection-oriented as per CVE-2015-3148
      http://curl.haxx.se/docs/adv_20150422B.html
    - Disable SSLv3 in the OpenSSL backend when OPENSSL_NO_SSL3_METHOD is
      defined (Closes: #768562)
  * Drop patches merged upstream
  * Refresh patches
  * Bump Standards-Version to 3.9.6 (no changes needed)

curl (7.38.0-4) unstable; urgency=high

  * Fix URL request injection vulnerability as per CVE-2014-8150
    http://curl.haxx.se/docs/adv_20150108B.html
  * Set urgency=high accordingly

Date: Thu, 28 May 2015 15:53:47 +0200
Changed-By: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Daniel Holbach <daniel.holbach at ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.42.1-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 28 May 2015 15:53:47 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source
Version: 7.42.1-2ubuntu1
Distribution: wily
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
Description:
curl - command line tool for transferring data with URL syntax
libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl4-doc - documentation for libcurl
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 342719 768562
Launchpad-Bugs-Fixed: 831496 1459685
Checksums-Sha1:
a88671d1892cb0e6aa3ee538177e0e6ac412e8e8 2069 curl_7.42.1-2ubuntu1.dsc
eff27e4527388895638103c6133cf79130025555 4291533 curl_7.42.1.orig.tar.gz
a13763611b27af2c2e0436bf0d587908be9fdb56 28104 curl_7.42.1-2ubuntu1.debian.tar.xz
Checksums-Sha256:
49ebc145105bcd90b1f52d48f9311283c5005facfba99fcd110910934a026924 2069 curl_7.42.1-2ubuntu1.dsc
4fc504f4fac56d091162707941d06c72a4222fc6fa48ca8193e44ee74baf079c 4291533 curl_7.42.1.orig.tar.gz
4b8ac9ac3f48b491790ebc88ef95ec926f017475d2d0ccdbcbd67aba4b5d45e9 28104 curl_7.42.1-2ubuntu1.debian.tar.xz
Files:
b58b43e5bdadb3b19dd247bf829af810 2069 web optional curl_7.42.1-2ubuntu1.dsc
8df5874c4a67ad55496bf3af548d99a2 4291533 web optional curl_7.42.1.orig.tar.gz
505f4617ef37277a299c91fd0d612249 28104 web optional curl_7.42.1-2ubuntu1.debian.tar.xz
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>