Format: 1.8
Date: Mon, 25 Apr 2022 10:02:10 -0300
Source: curl
Binary: curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev
Architecture: riscv64
Version: 7.68.0-1ubuntu2.10
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Leonidas Da Silva Barbosa
Description:
 curl - command line tool for transferring data with URL syntax
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.68.0-1ubuntu2.10) focal-security; urgency=medium
 .
   * SECURITY UPDATE: OAUTH2 bypass
     - debian/patches/CVE-2022-22576.patch: check sasl additional
       parameters for conn reuse in lib/strcase.c, lib/strcase.h,
       lib/url.c, lib/urldata.h, lib/vtls/vtls.c.
     - CVE-2022-22576
   * SECURITY UPDATE: Credential leak on redirect
     - debian/patches/CVE-2022-27774-1.patch: store conn_remote_port
       in the info struct to make it available after the connection ended
       in lib/connect.c, lib/urldata.h.
     - debian/patches/CVE-2022-27774-2.patch: redirects to other protocols
       or ports clear auth in lib/transfer.c.
     - debian/patches/CVE-2022-27774-3*.patch: adds tests to verify
       these fixes in tests/data/Makefile.inc, tests/data/test973,
       tests/data/test974, tests/data/test975, tests/data/test976.
     - CVE-2022-27774
   * SECURITY UPDATE: Bad local IPv6 connection reuse
     - debian/patches/CVE-2022-27775.patch: include the zone id in the
       'bundle' hashkey in lib/conncache.c.
     - CVE-2022-27775
   * SECURITY UPDATE: Auth/cookie leak on redirect
     - debian/patches/CVE-2022-27776.patch: avoid auth/cookie on redirects
       same host diff port in lib/http.c, lib/urldata.h.
     - CVE-2022-27776
Original-Maintainer: Alessandro Ghedini