Format: 1.8 Date: Thu, 15 Mar 2018 08:20:41 -0400 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: i386 Version: 7.58.0-2ubuntu3 Distribution: bionic-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.58.0-2ubuntu3) bionic; urgency=medium . * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write - debian/patches/CVE-2018-1000120.patch: reject path components with control codes in lib/ftp.c, add test to tests/*. - CVE-2018-1000120 * SECURITY UPDATE: LDAP NULL pointer dereference - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber() results for NULL before using in lib/openldap.c. - CVE-2018-1000121 * SECURITY UPDATE: RTSP RTP buffer over-read - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't go beyond buffer end in lib/transfer.c. - CVE-2018-1000122 Checksums-Sha1: 17453bbad6fc506e93daa0db1e314a23c0c64efe 128100 curl-dbgsym_7.58.0-2ubuntu3_i386.ddeb 8f33aaf89eae5d831e6f4031e46d58073159bdd6 11090 curl_7.58.0-2ubuntu3_i386.buildinfo 03e28c49dd7cb0f4b1a675314ed03786ccc112b1 162068 curl_7.58.0-2ubuntu3_i386.deb f8a02c0a934ede84698680cfaf9598dc0a6b42f7 1151736 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3_i386.ddeb 5abed7a8b98eb208755c7534145b8ba7d414f943 235888 libcurl3-gnutls_7.58.0-2ubuntu3_i386.deb bddbd48addd5fb639c35eafca229af2e8a51626e 1175260 libcurl3-nss-dbgsym_7.58.0-2ubuntu3_i386.ddeb 0278894e6a8f386ad4f23728f8959dbfecf21a61 241856 libcurl3-nss_7.58.0-2ubuntu3_i386.deb abaa14b8692958f2f1686432be6193cbdcc5e2d8 1170384 libcurl4-dbgsym_7.58.0-2ubuntu3_i386.ddeb 5d6329785409c4153068f213b5d71cb16e01363b 326352 libcurl4-gnutls-dev_7.58.0-2ubuntu3_i386.deb 7f6a68da34e70fdb64e2bd067cce1fe6b962c533 332848 libcurl4-nss-dev_7.58.0-2ubuntu3_i386.deb 55de3596a6129b6cb4328057c100a321dd030d4f 328108 libcurl4-openssl-dev_7.58.0-2ubuntu3_i386.deb 2bc36fa2c5606a4d8c6f7f4c2199056a975908f6 238488 libcurl4_7.58.0-2ubuntu3_i386.deb Checksums-Sha256: 0f555a39b396b3d57d99bec61770315ebaae5fc9ca434eb244dc4d48b745a23d 128100 curl-dbgsym_7.58.0-2ubuntu3_i386.ddeb 3b4c877422f4381cf7f03f3bee675bb1b021613f2d7eb291ccefd87c84a33d36 11090 curl_7.58.0-2ubuntu3_i386.buildinfo 1e8f83514ec3abe302d38e49b79a2773911805a0283c84d68fe6696c6434ba7e 162068 curl_7.58.0-2ubuntu3_i386.deb 0ed7ff2aec9b91460b25c4c84ac71c092c62bd38431e04688f3648563fb1444b 1151736 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3_i386.ddeb ac95c8f8d255bec05a3fe35e6954f6f5353889f74379bef3dc889aa8109330a0 235888 libcurl3-gnutls_7.58.0-2ubuntu3_i386.deb 3f634351d80394545d1040bcdfdad7c9e4f463a267a273642ceb3b0583bf037c 1175260 libcurl3-nss-dbgsym_7.58.0-2ubuntu3_i386.ddeb 6cc6a87367e486ab500e533df3b43b3b9e9e6ae354e8fb88a8b3600cfd65283c 241856 libcurl3-nss_7.58.0-2ubuntu3_i386.deb 983d543380e296d17716c10884e3875682812e86fbec2f1d978969fa71754100 1170384 libcurl4-dbgsym_7.58.0-2ubuntu3_i386.ddeb 60caf4681b8c225350dfbca7108ae467896334f16dcc3799f05d2c62840023a8 326352 libcurl4-gnutls-dev_7.58.0-2ubuntu3_i386.deb f2c9326e4433be8280d506efd27d698eb49e3e97234f419932eb11f6af1cb657 332848 libcurl4-nss-dev_7.58.0-2ubuntu3_i386.deb b274a48cf8f15e117a4c65f5119709ef63e5dd9ede2b81ad613cde27414ffe2a 328108 libcurl4-openssl-dev_7.58.0-2ubuntu3_i386.deb 7f453699e790cf595b77f1a639126b276e0f844d19472bb67d5108dbb7e7a9fb 238488 libcurl4_7.58.0-2ubuntu3_i386.deb Files: 21f6413b2b00203af38eea0e9d24eb84 128100 debug optional curl-dbgsym_7.58.0-2ubuntu3_i386.ddeb 11e3f67587b8451da7d22504a3218f81 11090 web optional curl_7.58.0-2ubuntu3_i386.buildinfo 468f77a765be2864b69580f045d2a38d 162068 web optional curl_7.58.0-2ubuntu3_i386.deb 742bf162c475c6adf34b8fe2c2af8e68 1151736 debug optional libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3_i386.ddeb 63de24b84449fb7df35986fc56ce02bb 235888 libs optional libcurl3-gnutls_7.58.0-2ubuntu3_i386.deb 0fd077d4a76b2542444a900ed3de39a1 1175260 debug optional libcurl3-nss-dbgsym_7.58.0-2ubuntu3_i386.ddeb ad176b8e014f093de553f2296ea16df1 241856 libs optional libcurl3-nss_7.58.0-2ubuntu3_i386.deb edecfa25b5d501f80731c5b56a707828 1170384 debug optional libcurl4-dbgsym_7.58.0-2ubuntu3_i386.ddeb 8ecd7265a52abbcf619235cae68e363a 326352 libdevel optional libcurl4-gnutls-dev_7.58.0-2ubuntu3_i386.deb b9d888d6eb9d795b5c0def7903cf2938 332848 libdevel optional libcurl4-nss-dev_7.58.0-2ubuntu3_i386.deb d4588b7821c5ff96946deb52f3e8df93 328108 libdevel optional libcurl4-openssl-dev_7.58.0-2ubuntu3_i386.deb 89524e7d7c197b2b197e651078254c15 238488 libs optional libcurl4_7.58.0-2ubuntu3_i386.deb Original-Maintainer: Alessandro Ghedini