curl 7.74.0-1.3ubuntu2.1 source package in Ubuntu
Changelog
curl (7.74.0-1.3ubuntu2.1) impish-security; urgency=medium
* SECURITY UPDATE: OAUTH2 bypass
- debian/patches/CVE-2022-22576.patch: check sasl additional
parameters for conn resuse in lib/strcase.c, lib/strcase.h,
lib/url.c, lib/urldata.h, lib/vtls/vtls.c.
- CVE-2022-22576
* SECURITY UPDATE: Credential leak on redirect
- debian/patches/CVE-2022-27774-1.patch: store conn_remote_port
in the info struct to make it available after the connection ended
in lib/connect.c, lib/urldata.h.
- debian/patches/CVE-2022-27774-2.patch: redirects to other protocols
or ports clear auth in lib/transfer.c.
- debian/patches/CVE-2022-27774-3*.patch: adds tests to verify
these fix in tests/data/Makefile.inc, tests/data/test973,
tests/data/test974, tests/data/test975, tests/data/test976.
- CVE-2022-27774
* SECURITY UPDATE: Bad local IPV6 connection reuse
- debian/patches/CVE-2022-27775.patch: include the zone id in the
'bundle' haskey in lib/conncache.c.
- CVE-2022-27775
* SECURITY UPDATE: Auth/cookie leak on redirect
- debian/patches/CVE-2022-27776.patch: avoid auth/cookie on redirects
same host diff port in lib/http.c, lib/urldata.h.
- CVE-2022-27776
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 21 Apr 2022 09:19:37 -0300
Upload details
- Uploaded by:
- Leonidas S. Barbosa
- Uploaded to:
- Impish
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| curl_7.74.0.orig.tar.gz | 3.9 MiB | e56b3921eeb7a2951959c02db0912b5fcd5fdba5aca071da819e1accf338bbd7 |
| curl_7.74.0-1.3ubuntu2.1.debian.tar.xz | 49.0 KiB | e833ba3d66ed85fc0e5512eaae229b35f4b90d7b719a745a2233d5c2fa5d54ae |
| curl_7.74.0-1.3ubuntu2.1.dsc | 2.7 KiB | e8b0bffdb2a6d6f04e30386093cb5175738842e4f3dea90c21856f1892612c78 |
Available diffs
Binary packages built by this source
- curl: No summary available for curl in ubuntu impish.
No description available for curl in ubuntu impish.
- curl-dbgsym: No summary available for curl-dbgsym in ubuntu impish.
No description available for curl-dbgsym in ubuntu impish.
- libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu impish.
No description available for libcurl3-gnutls in ubuntu impish.
- libcurl3-gnutls-dbgsym: No summary available for libcurl3-gnutls-dbgsym in ubuntu impish.
No description available for libcurl3-
gnutls- dbgsym in ubuntu impish.
- libcurl3-nss: No summary available for libcurl3-nss in ubuntu impish.
No description available for libcurl3-nss in ubuntu impish.
- libcurl3-nss-dbgsym: No summary available for libcurl3-nss-dbgsym in ubuntu impish.
No description available for libcurl3-nss-dbgsym in ubuntu impish.
- libcurl4: No summary available for libcurl4 in ubuntu impish.
No description available for libcurl4 in ubuntu impish.
- libcurl4-dbgsym: No summary available for libcurl4-dbgsym in ubuntu impish.
No description available for libcurl4-dbgsym in ubuntu impish.
- libcurl4-doc: No summary available for libcurl4-doc in ubuntu impish.
No description available for libcurl4-doc in ubuntu impish.
- libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu impish.
No description available for libcurl4-gnutls-dev in ubuntu impish.
- libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu impish.
No description available for libcurl4-nss-dev in ubuntu impish.
- libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu impish.
No description available for libcurl4-
openssl- dev in ubuntu impish.
