Ubuntu
curl package

curl 7.50.1-1ubuntu2 source package in Ubuntu

Changelog

curl (7.50.1-1ubuntu2) zesty; urgency=medium

  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

 -- Marc Deslauriers <email address hidden>  Thu, 03 Nov 2016 14:04:47 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Zesty
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
curl_7.50.1.orig.tar.gz 8.5 MiB 3e392cf600822b817be82d9080b377fcbab70538d5a8bf525a1cd66e157b99ea
curl_7.50.1-1ubuntu2.debian.tar.xz 37.6 KiB d56a72fca3a2e6233dd63ff94e53b9450a81f9ca541aa6c58e0a722b9d042934
curl_7.50.1-1ubuntu2.dsc 2.7 KiB c088cd763475132dfee5637aaba678a55e56e292d5d99dc11ecceb7223d64617

View changes file

Binary packages built by this source

curl: No summary available for curl in ubuntu zesty.

No description available for curl in ubuntu zesty.

curl-dbgsym: No summary available for curl-dbgsym in ubuntu zesty.

No description available for curl-dbgsym in ubuntu zesty.

libcurl3: No summary available for libcurl3 in ubuntu zesty.

No description available for libcurl3 in ubuntu zesty.

libcurl3-dbg: No summary available for libcurl3-dbg in ubuntu zesty.

No description available for libcurl3-dbg in ubuntu zesty.

libcurl3-dbgsym: No summary available for libcurl3-dbgsym in ubuntu zesty.

No description available for libcurl3-dbgsym in ubuntu zesty.

libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu zesty.

No description available for libcurl3-gnutls in ubuntu zesty.

libcurl3-gnutls-dbgsym: No summary available for libcurl3-gnutls-dbgsym in ubuntu zesty.

No description available for libcurl3-gnutls-dbgsym in ubuntu zesty.

libcurl3-nss: No summary available for libcurl3-nss in ubuntu zesty.

No description available for libcurl3-nss in ubuntu zesty.

libcurl3-nss-dbgsym: No summary available for libcurl3-nss-dbgsym in ubuntu zesty.

No description available for libcurl3-nss-dbgsym in ubuntu zesty.

libcurl4-doc: No summary available for libcurl4-doc in ubuntu zesty.

No description available for libcurl4-doc in ubuntu zesty.

libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu zesty.

No description available for libcurl4-gnutls-dev in ubuntu zesty.

libcurl4-gnutls-dev-dbgsym: No summary available for libcurl4-gnutls-dev-dbgsym in ubuntu zesty.

No description available for libcurl4-gnutls-dev-dbgsym in ubuntu zesty.

libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu zesty.

No description available for libcurl4-nss-dev in ubuntu zesty.

libcurl4-nss-dev-dbgsym: No summary available for libcurl4-nss-dev-dbgsym in ubuntu zesty.

No description available for libcurl4-nss-dev-dbgsym in ubuntu zesty.

libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu zesty.

No description available for libcurl4-openssl-dev in ubuntu zesty.

libcurl4-openssl-dev-dbgsym: No summary available for libcurl4-openssl-dev-dbgsym in ubuntu zesty.

No description available for libcurl4-openssl-dev-dbgsym in ubuntu zesty.