Format: 1.8 Date: Mon, 04 Jun 2018 16:27:47 -0700 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: armhf Version: 7.60.0-2ubuntu1 Distribution: cosmic-proposed Urgency: low Maintainer: Launchpad Build Daemon Changed-By: Steve Langasek Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.60.0-2ubuntu1) cosmic; urgency=low . * Merge from Debian unstable. Remaining changes: - Use an if statement to conditionally disable libssh2 in Ubuntu-only * Dropped changes, included in Debian: - Build-depend on libssl-dev instead of libssl1.0-dev. - Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between openssl 1.0 and openssl 1.1. - debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer claiming compatibility. - debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for non-OpenSSL builds. * Dropped changes, include upstream: - SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write - debian/patches/CVE-2018-1000120.patch: reject path components with control codes in lib/ftp.c, add test to tests/*. - CVE-2018-1000120 - SECURITY UPDATE: LDAP NULL pointer dereference - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber() results for NULL before using in lib/openldap.c. - CVE-2018-1000121 - SECURITY UPDATE: RTSP RTP buffer over-read - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't go beyond buffer end in lib/transfer.c. - CVE-2018-1000122 - SECURITY UPDATE: FTP shutdown response buffer overflow - debian/patches/CVE-2018-1000300.patch: check data size in lib/pingpong.c. - CVE-2018-1000303 - SECURITY UPDATE: RTSP bad headers buffer over-read - debian/patches/CVE-2018-1000301.patch: restore buffer pointer when bad response-line is parsed in lib/http.c. - CVE-2018-1000301 Checksums-Sha1: f54e3f8dc3e2b195dbbe89433f3c647d9c273c9f 140360 curl-dbgsym_7.60.0-2ubuntu1_armhf.ddeb 212cdf232a65e0951a7e6bf6bc420f316ad7ebc0 10834 curl_7.60.0-2ubuntu1_armhf.buildinfo af862990f5da040bcadbc2a4dc714f6dca6f9d3e 155192 curl_7.60.0-2ubuntu1_armhf.deb 114df95d6503246c895c86e02824c9ff6331be7f 1281688 libcurl3-gnutls-dbgsym_7.60.0-2ubuntu1_armhf.ddeb d9eca8e3a681d669daf74d72317319fc82292d61 183252 libcurl3-gnutls_7.60.0-2ubuntu1_armhf.deb b7afde8191c6363a550c3f899f5d51246d5059cc 1308668 libcurl3-nss-dbgsym_7.60.0-2ubuntu1_armhf.ddeb 60b0ba4d46a167a701ee741f0d5234efa2c26fe4 189100 libcurl3-nss_7.60.0-2ubuntu1_armhf.deb 0e2d150ccd6782bfcbb85feabc0eb10b60962162 1291788 libcurl4-dbgsym_7.60.0-2ubuntu1_armhf.ddeb df9215c6f6b79a1b3753d397513f7ed5ced4e093 271676 libcurl4-gnutls-dev_7.60.0-2ubuntu1_armhf.deb 2b9e7df37de43b2ec5c3f82949717cd7eae1275f 277804 libcurl4-nss-dev_7.60.0-2ubuntu1_armhf.deb 38d9930d98275124fde5ce452c5ef20c13121924 273244 libcurl4-openssl-dev_7.60.0-2ubuntu1_armhf.deb ceabffef8ba15ab730527bde26bd8720f1bb805a 184988 libcurl4_7.60.0-2ubuntu1_armhf.deb Checksums-Sha256: f95b6f2a0f9b23c076ef8236c52402e831efa88671c330d9643c09263349f602 140360 curl-dbgsym_7.60.0-2ubuntu1_armhf.ddeb eab09d7cd8e252b53883070d3b863941016d85c23cc041faf4d2347b28ea4845 10834 curl_7.60.0-2ubuntu1_armhf.buildinfo 36f0209a754f4a1c31dd3dda096ea58f1adda08071c8dc4b449e781e23e16d01 155192 curl_7.60.0-2ubuntu1_armhf.deb f9fe88946813105202417e1bb4787a0bcc012147e9bf1ba26b48da966555bcd8 1281688 libcurl3-gnutls-dbgsym_7.60.0-2ubuntu1_armhf.ddeb e630a9d087d732a7f7cd45dc4f71e6206cc45bbea2a4ed0ada113a54a4458554 183252 libcurl3-gnutls_7.60.0-2ubuntu1_armhf.deb cca13ec4c5e4684045cd7f142b7b2a1143439dec2e97a7bcd242e0178be0ab48 1308668 libcurl3-nss-dbgsym_7.60.0-2ubuntu1_armhf.ddeb b55850abdbb9efdd0100bc03d93ef864c6cd1bb89c6973a5b275a268873f1378 189100 libcurl3-nss_7.60.0-2ubuntu1_armhf.deb a45cd3dc8f02c1c7adf8406242454bf8f5f38caddc00fe8f04d592ab61d0a62d 1291788 libcurl4-dbgsym_7.60.0-2ubuntu1_armhf.ddeb cc46509e839c18e0d7d528ce1b1ecc353878f422ecbeefd7003cc98d40da86f1 271676 libcurl4-gnutls-dev_7.60.0-2ubuntu1_armhf.deb beccb86f8226b4089cc7bc502764c1eb6375fc9621d8ebc7ca482ce16b97cbaa 277804 libcurl4-nss-dev_7.60.0-2ubuntu1_armhf.deb a2f18d957525b040a747c04074b0034b8a332d9e416c6d22b212eed972e82f13 273244 libcurl4-openssl-dev_7.60.0-2ubuntu1_armhf.deb 0a55656ee4a43fdcfeb5773f75b5bd48b0d0baf2374b06f7c5e29240d55864b7 184988 libcurl4_7.60.0-2ubuntu1_armhf.deb Files: 4c327df53a4a0670544d433acf683a64 140360 debug optional curl-dbgsym_7.60.0-2ubuntu1_armhf.ddeb 280e066c3a25ea1b881c42050ec8fb50 10834 web optional curl_7.60.0-2ubuntu1_armhf.buildinfo 10e07b184ad60c78112e8a956f7ef5a7 155192 web optional curl_7.60.0-2ubuntu1_armhf.deb a3b6985eb6dd75d1bd30d1a67ffc7a53 1281688 debug optional libcurl3-gnutls-dbgsym_7.60.0-2ubuntu1_armhf.ddeb f85103bd2bae8ad9b2c01b1346c91d31 183252 libs optional libcurl3-gnutls_7.60.0-2ubuntu1_armhf.deb c0c3c4ff92949f4a756cd05a9f63d395 1308668 debug optional libcurl3-nss-dbgsym_7.60.0-2ubuntu1_armhf.ddeb d16f13b1dd9f2ab4ce74557d21f8c720 189100 libs optional libcurl3-nss_7.60.0-2ubuntu1_armhf.deb a932dea843588202449b1e6167e2fec2 1291788 debug optional libcurl4-dbgsym_7.60.0-2ubuntu1_armhf.ddeb 4081c9b41f1f02f544f29a337380f8e5 271676 libdevel optional libcurl4-gnutls-dev_7.60.0-2ubuntu1_armhf.deb 1c7e2ffcfb7c636b0baab79f56e5c432 277804 libdevel optional libcurl4-nss-dev_7.60.0-2ubuntu1_armhf.deb 822873a3b83084f966cc527e4c3d1f08 273244 libdevel optional libcurl4-openssl-dev_7.60.0-2ubuntu1_armhf.deb 075e97c2252a911ea56ddb9c1b081fef 184988 libs optional libcurl4_7.60.0-2ubuntu1_armhf.deb Original-Maintainer: Alessandro Ghedini