Ubuntu
curl package

curl 7.38.0-3ubuntu2.2 source package in Ubuntu

Changelog

curl (7.38.0-3ubuntu2.2) vivid-security; urgency=medium

  * SECURITY UPDATE: NTLM connection reuse when unauthenticated
    - debian/patches/CVE-2015-3143.patch: require credentials to match in
      lib/url.c.
    - CVE-2015-3143
  * SECURITY UPDATE: host name out of boundary memory access
    - debian/patches/CVE-2015-3144.patch: check for valid length in
      lib/url.c.
    - CVE-2015-3144
  * SECURITY UPDATE: cookie parser out of boundary memory access
    - debian/patches/CVE-2015-3145.patch: properly handle a single double
      quote in lib/cookie.c.
    - CVE-2015-3145
  * SECURITY UPDATE: negotiate not treated as connection-oriented
    - debian/patches/CVE-2015-3148.patch: close Negotiate connections when
      done in lib/http.c.
    - CVE-2015-3148
  * SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
    - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
      docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
      tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
    - CVE-2015-3153

 -- Marc Deslauriers <email address hidden>  Wed, 29 Apr 2015 09:09:44 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Vivid
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
curl_7.38.0.orig.tar.gz 3.9 MiB 5661028aa6532882fa228cd23c99ddbb8b87643dbb1a7ea55c068d34a943dff1
curl_7.38.0-3ubuntu2.2.debian.tar.xz 35.3 KiB 64c7c0d4e21a662a44356cc744349d38ee3c534e464c54ff16b1d72e14fda3f4
curl_7.38.0-3ubuntu2.2.dsc 2.8 KiB 505da1f5fb7ca13e24943a0902008be7bd528475719e3b2ff9931cde7b2994e5

View changes file

Binary packages built by this source

curl: No summary available for curl in ubuntu vivid.

No description available for curl in ubuntu vivid.

curl-udeb: No summary available for curl-udeb in ubuntu vivid.

No description available for curl-udeb in ubuntu vivid.

libcurl3: No summary available for libcurl3 in ubuntu vivid.

No description available for libcurl3 in ubuntu vivid.

libcurl3-dbg: No summary available for libcurl3-dbg in ubuntu vivid.

No description available for libcurl3-dbg in ubuntu vivid.

libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu vivid.

No description available for libcurl3-gnutls in ubuntu vivid.

libcurl3-nss: No summary available for libcurl3-nss in ubuntu vivid.

No description available for libcurl3-nss in ubuntu vivid.

libcurl3-udeb: No summary available for libcurl3-udeb in ubuntu vivid.

No description available for libcurl3-udeb in ubuntu vivid.

libcurl4-doc: No summary available for libcurl4-doc in ubuntu vivid.

No description available for libcurl4-doc in ubuntu vivid.

libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu vivid.

No description available for libcurl4-gnutls-dev in ubuntu vivid.

libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu vivid.

No description available for libcurl4-nss-dev in ubuntu vivid.

libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu vivid.

No description available for libcurl4-openssl-dev in ubuntu vivid.