Format: 1.8 Date: Wed, 15 Sep 2021 08:05:33 -0400 Source: curl Binary: curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Built-For-Profiles: noudeb Architecture: ppc64el Version: 7.74.0-1.3ubuntu2 Distribution: impish-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.74.0-1.3ubuntu2) impish; urgency=medium . * SECURITY UPDATE: UAF and double-free in MQTT sending - debian/patches/CVE-2021-22945.patch: clear the leftovers pointer when sending succeeds in lib/mqtt.c. - CVE-2021-22945 * SECURITY UPDATE: Protocol downgrade required TLS bypassed - debian/patches/CVE-2021-22946.patch: do not ignore --ssl-reqd in lib/ftp.c, lib/imap.c, lib/pop3.c, tests/data/Makefile.inc, tests/data/test984, tests/data/test985, tests/data/test986. - CVE-2021-22946 * SECURITY UPDATE: STARTTLS protocol injection via MITM - debian/patches/CVE-2021-22947.patch: reject STARTTLS server response pipelining in lib/ftp.c, lib/imap.c, lib/pop3.c, lib/smtp.c, tests/data/Makefile.inc, tests/data/test980, tests/data/test981, tests/data/test982, tests/data/test983. - CVE-2021-22947 Checksums-Sha1: 4088da94c82086edaa9be1115912e9167ee70c75 165750 curl-dbgsym_7.74.0-1.3ubuntu2_ppc64el.ddeb 961b5dcacf3a1022c0f0e6febe208c9e59739b84 12315 curl_7.74.0-1.3ubuntu2_ppc64el.buildinfo 96dd40fd40b383323bfa49870db299aeb1ce5329 183136 curl_7.74.0-1.3ubuntu2_ppc64el.deb 85880094e4a86c6ca6370b60eab31b5493e33cb9 1150510 libcurl3-gnutls-dbgsym_7.74.0-1.3ubuntu2_ppc64el.ddeb 419dce20e13a8e8f55c6b6aa7f25024e02c166ea 347488 libcurl3-gnutls_7.74.0-1.3ubuntu2_ppc64el.deb 9573423e023f6f5be79dc446a6d284d9c923ea94 1188148 libcurl3-nss-dbgsym_7.74.0-1.3ubuntu2_ppc64el.ddeb 66bae082cffabdbc5a6d7dca8fd60c1c6bb1b291 356718 libcurl3-nss_7.74.0-1.3ubuntu2_ppc64el.deb 37f0eea375247c837db859cc7739d01fe5faee55 1175708 libcurl4-dbgsym_7.74.0-1.3ubuntu2_ppc64el.ddeb 902de0c3b51f515633d6e59fcd50ab7126be2731 429428 libcurl4-gnutls-dev_7.74.0-1.3ubuntu2_ppc64el.deb c287631513d9eb6a2228bdf4b6d7c009065fdede 441328 libcurl4-nss-dev_7.74.0-1.3ubuntu2_ppc64el.deb 23caaa02fe6531a6faa9053e62371df94f2f3f44 432426 libcurl4-openssl-dev_7.74.0-1.3ubuntu2_ppc64el.deb 6bc02d236920a9454c125c55b78d22888cc16f48 352748 libcurl4_7.74.0-1.3ubuntu2_ppc64el.deb Checksums-Sha256: 6c63ec9b408d2d0b497aaf4ad874db55e69e0d02b87048b326c771224cb46b45 165750 curl-dbgsym_7.74.0-1.3ubuntu2_ppc64el.ddeb b79a4f981bdbb0c4de0961ef9cd8686f7e5205f0cd2423a15b5a62814bc84341 12315 curl_7.74.0-1.3ubuntu2_ppc64el.buildinfo c487e800cc1ce5101b4574eabdea2f4c016a806aa6625fb4acc6135493b13312 183136 curl_7.74.0-1.3ubuntu2_ppc64el.deb 445b8aa923dc3f89a2a45ebcbc54977fe05187966b8a2e0ead116eed9588a567 1150510 libcurl3-gnutls-dbgsym_7.74.0-1.3ubuntu2_ppc64el.ddeb f1af54bd65f8ab78f14db061ff23e9744be83cd0c5f9d3f6512d041f0fdfd5a0 347488 libcurl3-gnutls_7.74.0-1.3ubuntu2_ppc64el.deb b0cbc554cc76fcb2cf4875ee14cff68df05574c4ba11dc9369fdf06de7f1ccea 1188148 libcurl3-nss-dbgsym_7.74.0-1.3ubuntu2_ppc64el.ddeb 5f9cb72a7c208a51734b76fd96df05652f6977f20bff4429ca3598c015332e90 356718 libcurl3-nss_7.74.0-1.3ubuntu2_ppc64el.deb 54c61313f91f69228493b9baaa09f6398ab728b1578d3f76046aaf0875e839d3 1175708 libcurl4-dbgsym_7.74.0-1.3ubuntu2_ppc64el.ddeb 6336e7ba00486db16b32b00e874ecb2392111c4fd0103872e98ae47c8fb44e6b 429428 libcurl4-gnutls-dev_7.74.0-1.3ubuntu2_ppc64el.deb 63b6bd939644e482b85d18f737f910b6bb7255c59b90c98f8291addd33d5f9fc 441328 libcurl4-nss-dev_7.74.0-1.3ubuntu2_ppc64el.deb 94f18f5ac25739cfb969aeb82861b2c8e88a3ad2004b1603aaecc413bfccde03 432426 libcurl4-openssl-dev_7.74.0-1.3ubuntu2_ppc64el.deb a9312632905dbeafcc8d13685b4aeddb2a68732b7f0c59ea515349f0e13d7118 352748 libcurl4_7.74.0-1.3ubuntu2_ppc64el.deb Files: 701921b76f00220d0d7b69a959440635 165750 debug optional curl-dbgsym_7.74.0-1.3ubuntu2_ppc64el.ddeb a08625755e9f5b1c1c4be0601f74f669 12315 web optional curl_7.74.0-1.3ubuntu2_ppc64el.buildinfo a0d6f7db3c5a59680f58479ad64a9af6 183136 web optional curl_7.74.0-1.3ubuntu2_ppc64el.deb 43d49e5212e7a79692d3628df4c0ae93 1150510 debug optional libcurl3-gnutls-dbgsym_7.74.0-1.3ubuntu2_ppc64el.ddeb f26b6af6b7432e70423897683a1d7f38 347488 libs optional libcurl3-gnutls_7.74.0-1.3ubuntu2_ppc64el.deb 9cde13d34bf88ce8cf4f966c41abcfd9 1188148 debug optional libcurl3-nss-dbgsym_7.74.0-1.3ubuntu2_ppc64el.ddeb 295f4dac9621ec2e4d58ef7e9f762851 356718 libs optional libcurl3-nss_7.74.0-1.3ubuntu2_ppc64el.deb 48360fde6af39bd1b50aaac2b54646dd 1175708 debug optional libcurl4-dbgsym_7.74.0-1.3ubuntu2_ppc64el.ddeb 7458b0bd7001283dfb6eed97ef7af0f5 429428 libdevel optional libcurl4-gnutls-dev_7.74.0-1.3ubuntu2_ppc64el.deb 6dad2647175beb85c99cb07101717109 441328 libdevel optional libcurl4-nss-dev_7.74.0-1.3ubuntu2_ppc64el.deb d2ffdedd886443534c0d7c13bac6f8f2 432426 libdevel optional libcurl4-openssl-dev_7.74.0-1.3ubuntu2_ppc64el.deb 57f170cceb188fd25571da6f518e07d2 352748 libs optional libcurl4_7.74.0-1.3ubuntu2_ppc64el.deb Original-Maintainer: Alessandro Ghedini