curl 7.74.0-1.3ubuntu2.1 source package in Ubuntu
Changelog
curl (7.74.0-1.3ubuntu2.1) impish-security; urgency=medium * SECURITY UPDATE: OAUTH2 bypass - debian/patches/CVE-2022-22576.patch: check sasl additional parameters for conn resuse in lib/strcase.c, lib/strcase.h, lib/url.c, lib/urldata.h, lib/vtls/vtls.c. - CVE-2022-22576 * SECURITY UPDATE: Credential leak on redirect - debian/patches/CVE-2022-27774-1.patch: store conn_remote_port in the info struct to make it available after the connection ended in lib/connect.c, lib/urldata.h. - debian/patches/CVE-2022-27774-2.patch: redirects to other protocols or ports clear auth in lib/transfer.c. - debian/patches/CVE-2022-27774-3*.patch: adds tests to verify these fix in tests/data/Makefile.inc, tests/data/test973, tests/data/test974, tests/data/test975, tests/data/test976. - CVE-2022-27774 * SECURITY UPDATE: Bad local IPV6 connection reuse - debian/patches/CVE-2022-27775.patch: include the zone id in the 'bundle' haskey in lib/conncache.c. - CVE-2022-27775 * SECURITY UPDATE: Auth/cookie leak on redirect - debian/patches/CVE-2022-27776.patch: avoid auth/cookie on redirects same host diff port in lib/http.c, lib/urldata.h. - CVE-2022-27776 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 21 Apr 2022 09:19:37 -0300
Upload details
- Uploaded by:
- Leonidas S. Barbosa
- Uploaded to:
- Impish
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
curl_7.74.0.orig.tar.gz | 3.9 MiB | e56b3921eeb7a2951959c02db0912b5fcd5fdba5aca071da819e1accf338bbd7 |
curl_7.74.0-1.3ubuntu2.1.debian.tar.xz | 49.0 KiB | e833ba3d66ed85fc0e5512eaae229b35f4b90d7b719a745a2233d5c2fa5d54ae |
curl_7.74.0-1.3ubuntu2.1.dsc | 2.7 KiB | e8b0bffdb2a6d6f04e30386093cb5175738842e4f3dea90c21856f1892612c78 |
Available diffs
Binary packages built by this source
- curl: No summary available for curl in ubuntu impish.
No description available for curl in ubuntu impish.
- curl-dbgsym: No summary available for curl-dbgsym in ubuntu impish.
No description available for curl-dbgsym in ubuntu impish.
- libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu impish.
No description available for libcurl3-gnutls in ubuntu impish.
- libcurl3-gnutls-dbgsym: No summary available for libcurl3-gnutls-dbgsym in ubuntu impish.
No description available for libcurl3-
gnutls- dbgsym in ubuntu impish.
- libcurl3-nss: No summary available for libcurl3-nss in ubuntu impish.
No description available for libcurl3-nss in ubuntu impish.
- libcurl3-nss-dbgsym: No summary available for libcurl3-nss-dbgsym in ubuntu impish.
No description available for libcurl3-nss-dbgsym in ubuntu impish.
- libcurl4: No summary available for libcurl4 in ubuntu impish.
No description available for libcurl4 in ubuntu impish.
- libcurl4-dbgsym: No summary available for libcurl4-dbgsym in ubuntu impish.
No description available for libcurl4-dbgsym in ubuntu impish.
- libcurl4-doc: No summary available for libcurl4-doc in ubuntu impish.
No description available for libcurl4-doc in ubuntu impish.
- libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu impish.
No description available for libcurl4-gnutls-dev in ubuntu impish.
- libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu impish.
No description available for libcurl4-nss-dev in ubuntu impish.
- libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu impish.
No description available for libcurl4-
openssl- dev in ubuntu impish.