Format: 1.8
Date: Thu, 03 Nov 2016 08:03:52 -0400
Source: curl
Binary: curl curl-udeb libcurl3 libcurl3-udeb libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg
Architecture: armel
Version: 7.22.0-3ubuntu4.17
Distribution: precise
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 curl - Get a file from an HTTP, HTTPS or FTP server
 curl-udeb - Get a file from an HTTP, HTTPS or FTP server (udeb)
 libcurl3 - Multi-protocol file transfer library (OpenSSL)
 libcurl3-dbg - libcurl compiled with debug symbols
 libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS)
 libcurl3-nss - Multi-protocol file transfer library (NSS)
 libcurl3-udeb - Multi-protocol file transfer library (OpenSSL) (udeb)
 libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS)
 libcurl4-nss-dev - Development files and documentation for libcurl (NSS)
 libcurl4-openssl-dev - Development files and documentation for libcurl (OpenSSL)
Changes:
 curl (7.22.0-3ubuntu4.17) precise-security; urgency=medium
 .
   * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
     - debian/patches/CVE-2016-7141.patch: refuse previously loaded certificate from file in lib/nss.c.
     - CVE-2016-7141
   * SECURITY UPDATE: curl escape and unescape integer overflows
     - debian/patches/CVE-2016-7167.patch: deny negative string length inputs in lib/escape.c.
     - CVE-2016-7167
   * SECURITY UPDATE: cookie injection for other servers
     - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in lib/cookie.c.
     - CVE-2016-8615
   * SECURITY UPDATE: case insensitive password comparison
     - debian/patches/CVE-2016-8616.patch: use case sensitive user/password comparisons in lib/url.c.
     - CVE-2016-8616
   * SECURITY UPDATE: OOB write via unchecked multiplication
     - debian/patches/CVE-2016-8617.patch: check for integer overflow on large input in lib/base64.c.
     - CVE-2016-8617
   * SECURITY UPDATE: double-free in curl_maprintf
     - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing allocation in lib/mprintf.c.
     - CVE-2016-8618
   * SECURITY UPDATE: double-free in krb5 code
     - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
     - CVE-2016-8619
   * SECURITY UPDATE: curl_getdate read out of bounds
     - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in lib/parsedate.c, added tests to tests/data/test517, tests/libtest/lib517.c.
     - CVE-2016-8621
   * SECURITY UPDATE: URL unescape heap overflow via integer truncation
     - debian/patches/CVE-2016-8622.patch: avoid integer overflow in lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
     - CVE-2016-8622
   * SECURITY UPDATE: Use-after-free via shared cookies
     - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies in lib/cookie.c, lib/cookie.h, lib/http.c.
     - CVE-2016-8623
   * SECURITY UPDATE: invalid URL parsing with #
     - debian/patches/CVE-2016-8624.patch: accept # as end of host name in lib/url.c.
     - CVE-2016-8624
Original-Maintainer: Ramakrishnan Muthukrishnan
Package-Type: udeb