[ubuntu/wily-proposed] curl 7.42.1-3ubuntu1 (Accepted)
Gianfranco Costamagna
costamagnagianfranco at yahoo.it
Fri Jun 12 15:25:17 UTC 2015
curl (7.42.1-3ubuntu1) wily; urgency=low
* Merge from Debian (LP: #1459685). Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4 and libssh2-1-dev.
+ Drop libssh2-1-dev from binary package Depends.
* Dropped patches:
- debian/patches/CVE-2015-3143.patch: upstream
- debian/patches/CVE-2015-3148.patch: upstream
- debian/patches/CVE-2015-3144.patch: upstream
- debian/patches/CVE-2015-3153.patch: upstream
- debian/patches/CVE-2014-8150.patch: upstream
- debian/patches/CVE-2015-3145.patch: upstream
* Dropped changes:
- Add new libcurl3-udeb package.
- Add new curl-udeb package.
they seems to be broken since pre-trusty
curl (7.42.1-3) unstable; urgency=medium
* Update copyright
* Set both CA bundle and CA path default values for OpenSSL and GnuTLS
backends
* Bump versioned depends on libgnutls to workaround lack of nettle versioned
symbols (Closes: #787960)
curl (7.42.1-2) unstable; urgency=medium
* Switch curl binary to libcurl3-gnutls (Closes: #342719)
This is the first step of a possible migration to a GnuTLS-only
libcurl for Debian. Let's see how it goes.
curl (7.42.1-1) unstable; urgency=high
* New upstream release
- Don't send sensitive HTTP server headers to proxies as per
CVE-2015-3153
http://curl.haxx.se/docs/adv_20150429.html
* Drop 08_fix-spelling.patch (merged upstream)
* Refresh patches
curl (7.42.0-1) unstable; urgency=medium
* New upstream release
- Fix re-using authenticated connection when unauthenticated
as per CVE-2015-3143
http://curl.haxx.se/docs/adv_20150422A.html
- Fix host name out of boundary memory access as per CVE-2015-3144
http://curl.haxx.se/docs/adv_20150422D.html
- Fix cookie parser out of boundary memory access as per CVE-2015-3145
http://curl.haxx.se/docs/adv_20150422C.html
- Fix Negotiate not treated as connection-oriented as per CVE-2015-3148
http://curl.haxx.se/docs/adv_20150422B.html
- Disable SSLv3 in the OpenSSL backend when OPENSSL_NO_SSL3_METHOD is
defined (Closes: #768562)
* Drop patches merged upstream
* Refresh patches
* Bump Standards-Version to 3.9.6 (no changes needed)
curl (7.38.0-4) unstable; urgency=high
* Fix URL request injection vulnerability as per CVE-2014-8150
http://curl.haxx.se/docs/adv_20150108B.html
* Set urgency=high accordingly
Date: Mon, 08 Jun 2015 10:35:57 +0200
Changed-By: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Adam Conrad <adconrad at 0c3.net>
https://launchpad.net/ubuntu/+source/curl/7.42.1-3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 08 Jun 2015 10:35:57 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source
Version: 7.42.1-3ubuntu1
Distribution: wily
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
Description:
curl - command line tool for transferring data with URL syntax
libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl4-doc - documentation for libcurl
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 342719 768562 787960
Launchpad-Bugs-Fixed: 1459685
Changes:
curl (7.42.1-3ubuntu1) wily; urgency=low
.
* Merge from Debian (LP: #1459685). Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4 and libssh2-1-dev.
+ Drop libssh2-1-dev from binary package Depends.
* Dropped patches:
- debian/patches/CVE-2015-3143.patch: upstream
- debian/patches/CVE-2015-3148.patch: upstream
- debian/patches/CVE-2015-3144.patch: upstream
- debian/patches/CVE-2015-3153.patch: upstream
- debian/patches/CVE-2014-8150.patch: upstream
- debian/patches/CVE-2015-3145.patch: upstream
* Dropped changes:
- Add new libcurl3-udeb package.
- Add new curl-udeb package.
they seems to be broken since pre-trusty
.
curl (7.42.1-3) unstable; urgency=medium
.
* Update copyright
* Set both CA bundle and CA path default values for OpenSSL and GnuTLS
backends
* Bump versioned depends on libgnutls to workaround lack of nettle versioned
symbols (Closes: #787960)
.
curl (7.42.1-2) unstable; urgency=medium
.
* Switch curl binary to libcurl3-gnutls (Closes: #342719)
This is the first step of a possible migration to a GnuTLS-only
libcurl for Debian. Let's see how it goes.
.
curl (7.42.1-1) unstable; urgency=high
.
* New upstream release
- Don't send sensitive HTTP server headers to proxies as per
CVE-2015-3153
http://curl.haxx.se/docs/adv_20150429.html
* Drop 08_fix-spelling.patch (merged upstream)
* Refresh patches
.
curl (7.42.0-1) unstable; urgency=medium
.
* New upstream release
- Fix re-using authenticated connection when unauthenticated
as per CVE-2015-3143
http://curl.haxx.se/docs/adv_20150422A.html
- Fix host name out of boundary memory access as per CVE-2015-3144
http://curl.haxx.se/docs/adv_20150422D.html
- Fix cookie parser out of boundary memory access as per CVE-2015-3145
http://curl.haxx.se/docs/adv_20150422C.html
- Fix Negotiate not treated as connection-oriented as per CVE-2015-3148
http://curl.haxx.se/docs/adv_20150422B.html
- Disable SSLv3 in the OpenSSL backend when OPENSSL_NO_SSL3_METHOD is
defined (Closes: #768562)
* Drop patches merged upstream
* Refresh patches
* Bump Standards-Version to 3.9.6 (no changes needed)
.
curl (7.38.0-4) unstable; urgency=high
.
* Fix URL request injection vulnerability as per CVE-2014-8150
http://curl.haxx.se/docs/adv_20150108B.html
* Set urgency=high accordingly
Checksums-Sha1:
0fb258408de2d900682a18ade43b6f86031bb72a 2709 curl_7.42.1-3ubuntu1.dsc
eff27e4527388895638103c6133cf79130025555 4291533 curl_7.42.1.orig.tar.gz
da96ba0182cff6966d4fa6523012bccf22bb5f96 27952 curl_7.42.1-3ubuntu1.debian.tar.xz
Checksums-Sha256:
53e18b4200016211ddfc430020f236ae6bb64af499957da3aced6d9c1ee1655b 2709 curl_7.42.1-3ubuntu1.dsc
4fc504f4fac56d091162707941d06c72a4222fc6fa48ca8193e44ee74baf079c 4291533 curl_7.42.1.orig.tar.gz
b4ba5cab70b56d00b95d5723ece7d484dd4bd8a1a09e8e36168893ead02c53ce 27952 curl_7.42.1-3ubuntu1.debian.tar.xz
Files:
00344c4765d697c76cf3c10f6481bd51 2709 web optional curl_7.42.1-3ubuntu1.dsc
8df5874c4a67ad55496bf3af548d99a2 4291533 web optional curl_7.42.1.orig.tar.gz
00eddb5de5ec91ff7e852dddf8b59030 27952 web optional curl_7.42.1-3ubuntu1.debian.tar.xz
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJVevm9AAoJEINAGjCxzeWPRFYP/iODfIkUbybL3naRpX+RGTg3
Y7NK8DtbMrp4Bncfi/P9ubEPAJ746GB/yyfm1THHnZpLXX1Wta+PI2baFfJRB+Zk
OOLJXTqcHIOWmuEbY3iGhGm0lIty51Tv+sOmeErs6dQIhS6OUw1/gmwpQJlL/1Qh
+slx8gYMKtDq8SipIHd0prEGzyXglE46ptZNkT5ZaW/g3b7GaaR6h4ri95pO/il2
zQm04EQvQuYPcLE30llq8OFdnMzLMfgzeZdA3PYFrq+goFklh+6yHeSBWyvoD6SP
yLjC0s2dlXaUNI2BcJPewF7RRYrNp/YquVxmzf5e3Qj+CtDnjp4PuLIG6n6c6xup
j7BiVnCSs10JFSeH0pxGQ6g7TMfinKTNJKsswzOmQrA0igF+5vnQS8V54NfceA2r
pWYukwvfoJxARaP+B/vGqzgyCjD6igyuUmX9WqWcV1WuE09pu/y5i/2QERwn9wMf
pM5gKH2GkUwntYoRgGpp4T6P2VSfTUnC31qbu22jHWG9cj1kuT9RCsjgX+0VqWZ1
GyRbZDCbXD+VCt+iZ4lKWUvKZ9xHFnc+v0K16P2ds0I9j09lnUjyDrzvhSWJ8HLh
JmIR5nbc+A/MnxdtWXUkUiFiwsVmiP72DT5LhZZfd9wxOTRLooi4NDV7LnHtSTao
an4cPTSPpgTR6Uj8TotB
=97E5
-----END PGP SIGNATURE-----
More information about the Wily-changes
mailing list