Format: 1.8 Date: Wed, 15 Mar 2023 08:58:03 -0400 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: i386 Version: 7.58.0-2ubuntu3.24 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.58.0-2ubuntu3.24) bionic-security; urgency=medium . * SECURITY UPDATE: TELNET option IAC injection - debian/patches/CVE-2023-27533.patch: only accept option arguments in ascii in lib/telnet.c. - CVE-2023-27533 * SECURITY UPDATE: SFTP path ~ resolving discrepancy - debian/patches/CVE-2023-27534-pre1.patch: do not add '/' if homedir ends with one in lib/curl_path.c. - debian/patches/CVE-2023-27534.patch: properly handle tilde character in lib/curl_path.c. - CVE-2023-27534 * SECURITY UPDATE: FTP too eager connection reuse - debian/patches/CVE-2023-27535.patch: add more conditions for connection reuse in lib/ftp.c, lib/ftp.h, lib/url.c, lib/urldata.h. - CVE-2023-27535 * SECURITY UPDATE: GSS delegation too eager connection re-use - debian/patches/CVE-2023-27536.patch: only reuse connections with same GSS delegation in lib/url.c, lib/urldata.h. - CVE-2023-27536 * SECURITY UPDATE: SSH connection too eager reuse still - debian/patches/CVE-2023-27538.patch: fix the SSH connection reuse check in lib/url.c. - CVE-2023-27538 Checksums-Sha1: 0e6d10795aca77d17dc2d9f7bb448ab339350f25 128072 curl-dbgsym_7.58.0-2ubuntu3.24_i386.ddeb 1c26495522de156bd7935aa53c826445e8460331 11924 curl_7.58.0-2ubuntu3.24_i386.buildinfo 0c9b553683b68220394975eb053261326272ed44 162184 curl_7.58.0-2ubuntu3.24_i386.deb 73ee8a6cad05743e9919d086c4cfddf76694603d 1193464 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.24_i386.ddeb 9f7ba4081bf991ab2ab66e09d57f9a31e370527c 243176 libcurl3-gnutls_7.58.0-2ubuntu3.24_i386.deb 5245565f7ea2df8b53f5b2986cb197c33c6295b1 1213004 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.24_i386.ddeb bb0676682c66532318a36839849d929ae4d78ce3 249092 libcurl3-nss_7.58.0-2ubuntu3.24_i386.deb 7ef377aec9dfb413faa40b9eb705214a7b6d3a35 1209840 libcurl4-dbgsym_7.58.0-2ubuntu3.24_i386.ddeb 39dc54dd32d5a79b088afdf809f4922913274028 335720 libcurl4-gnutls-dev_7.58.0-2ubuntu3.24_i386.deb d2220c142f8554e25e32ac59ff1ac50050ab97c2 342376 libcurl4-nss-dev_7.58.0-2ubuntu3.24_i386.deb 14677ed6c555718e08b05aac1561e7273a32def6 337812 libcurl4-openssl-dev_7.58.0-2ubuntu3.24_i386.deb 49b5837ac401e5b2a6ef9427ea61da4c264188f0 245888 libcurl4_7.58.0-2ubuntu3.24_i386.deb Checksums-Sha256: dda355e2cd62de8cacff56d5d871dcc596e51d68aee38b121c1368cc9b248908 128072 curl-dbgsym_7.58.0-2ubuntu3.24_i386.ddeb 2478e36000f46f1c779edfb45d193cacb72785ca75025d5f70e3d378a412baec 11924 curl_7.58.0-2ubuntu3.24_i386.buildinfo e6c6b2b57b25d4c5cba1e0eeec82c7e0c775b62994626f7e453a2a46580de80f 162184 curl_7.58.0-2ubuntu3.24_i386.deb 7653923cb1d8093a20c76850ba6010c3b0c560c152586a890228838337c84ae8 1193464 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.24_i386.ddeb 6312763e5c701345f5a6f4f5fc28659eba9539d7092bdcbce9b71cf30040be60 243176 libcurl3-gnutls_7.58.0-2ubuntu3.24_i386.deb 1f8d6b623257ab405a13200fa25793365e0365d520482450053f0953b6ad03ec 1213004 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.24_i386.ddeb 4f454a4d68d62174ca3041b6827d36a251d72df76f0130aa8c4869c39b74205f 249092 libcurl3-nss_7.58.0-2ubuntu3.24_i386.deb 3904be59e1dbfa2f740260faf3e093a9e7c4473dad8b7f760f67d25e321725ae 1209840 libcurl4-dbgsym_7.58.0-2ubuntu3.24_i386.ddeb d96ed1b2e4a32b2a0cb361af7793b6e39f1f047313d67b05151e4e3b6df347ba 335720 libcurl4-gnutls-dev_7.58.0-2ubuntu3.24_i386.deb 0e6940a046ad7c96865ecae0cdd3e9e1958543de60f161fa412e62b5db10b88e 342376 libcurl4-nss-dev_7.58.0-2ubuntu3.24_i386.deb d60d61c1cf61fec99cae10c64735a88d1e5aeee354883baa6d57de7667fc5603 337812 libcurl4-openssl-dev_7.58.0-2ubuntu3.24_i386.deb 8958355ec4f168938504188a70f72f8a13c5397ef0aa3bb3db93633b1a2b4359 245888 libcurl4_7.58.0-2ubuntu3.24_i386.deb Files: 5aa2d3d5cce94f7ca123bfff2d8a7c92 128072 debug optional curl-dbgsym_7.58.0-2ubuntu3.24_i386.ddeb 95dfd836ebaa1c855cecbb3338e5c647 11924 web optional curl_7.58.0-2ubuntu3.24_i386.buildinfo 9f7453cd3c3ad452cf7e759fdfe87654 162184 web optional curl_7.58.0-2ubuntu3.24_i386.deb e8ef90ee5b3e5dec7f8748a0dbefd73e 1193464 debug optional libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.24_i386.ddeb ae6b40357fe7e07f82d0fc4b6f6bfb5d 243176 libs optional libcurl3-gnutls_7.58.0-2ubuntu3.24_i386.deb 2018122cc294de7ff559577a8c7e5f9a 1213004 debug optional libcurl3-nss-dbgsym_7.58.0-2ubuntu3.24_i386.ddeb afd0c3c338e2987293d225235bc118f3 249092 libs optional libcurl3-nss_7.58.0-2ubuntu3.24_i386.deb 99e9d670a4eb16ceb8bfbfa33bff4391 1209840 debug optional libcurl4-dbgsym_7.58.0-2ubuntu3.24_i386.ddeb 416e541a05d50c9ba563a4ec14985a41 335720 libdevel optional libcurl4-gnutls-dev_7.58.0-2ubuntu3.24_i386.deb 71a571083f2fc28b458c381254718364 342376 libdevel optional libcurl4-nss-dev_7.58.0-2ubuntu3.24_i386.deb a5f287395c1b9e7a73ef296cff99d734 337812 libdevel optional libcurl4-openssl-dev_7.58.0-2ubuntu3.24_i386.deb 8294a2ef09f065a69817fb0d632618c3 245888 libs optional libcurl4_7.58.0-2ubuntu3.24_i386.deb Original-Maintainer: Alessandro Ghedini