-
curl (7.29.0-1ubuntu3.4) raring-security; urgency=low
* SECURITY UPDATE: missing CN verification when signature verification is
disabled in GnuTLS backend.
- debian/patches/CVE-2013-6422.patch: still verify host when
CURLOPT_SSL_VERIFYPEER isn't set in lib/gtls.c.
- CVE-2013-6422
-- Marc Deslauriers <email address hidden> Tue, 17 Dec 2013 12:47:31 -0500
-
curl (7.29.0-1ubuntu3.3) raring-security; urgency=low
* SECURITY UPDATE: missing CN verification when signature verification is
disabled.
- debian/patches/CVE-2013-4545.patch: still verify host when
CURLOPT_SSL_VERIFYPEER isn't set in lib/ssluse.c.
- CVE-2013-4545
-- Marc Deslauriers <email address hidden> Fri, 29 Nov 2013 08:31:05 -0500
-
curl (7.29.0-1ubuntu3.2) raring; urgency=low
* Reset timecond when clearing session-info variables (LP: #1179781)
This fixes CURLINFO_CONDITION_UNMET incorrectly reporting "1"
-- Dave Chiluk <email address hidden> Wed, 21 Aug 2013 13:09:13 -0500
-
curl (7.29.0-1ubuntu3.1) raring-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
heap overflow in URL decoder
- debian/patches/CVE-2013-2174.patch: fix overflow in lib/escape.c,
added tests to tests/data/Makefile.am, tests/data/test1396,
tests/unit/Makefile.inc, tests/unit/unit1396.c.
- CVE-2013-2174
-- Marc Deslauriers <email address hidden> Thu, 27 Jun 2013 10:34:25 -0400
-
curl (7.29.0-1ubuntu3) raring; urgency=low
* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
- debian/patches/09_curl-tailmatch.patch: enforce strict subdomain match
when sending cookies. Patch from YAMADA Yasuharu.
- http://curl.haxx.se/curl-tailmatch.patch
- CVE-2013-1944
-- Seth Arnold <email address hidden> Wed, 10 Apr 2013 15:16:17 -0700
-
curl (7.29.0-1ubuntu2) raring; urgency=low
* debian/patches/08_lp1124508.patch: Backport fix for upstream bug 1194,
segfault in curl_multi_cleanup() when multi->closure_handle is NULL.
(LP: #1124508)
-- Barry Warsaw <email address hidden> Wed, 03 Apr 2013 17:26:06 -0400
-
curl (7.29.0-1ubuntu1) raring; urgency=low
* Resynchronise with Debian. Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4 and libssh2-1-dev.
+ Drop libssh2-1-dev from binary package Depends.
- Add new libcurl3-udeb package.
- Add new curl-udeb package.
* Add warning to debian/patches/series.
curl (7.29.0-1) unstable; urgency=high
* New upstream release
- Fix buffer overflow when negotiating SASL DIGEST-MD5 authentication
as per CVE-2013-0249 (Closes: #700002)
http://curl.haxx.se/docs/adv_20130206.html
- Set urgency=high accordingly
* Install all the examples
* Update 90_gnutls.patch and 99_nss.patch
* Refresh patches
* Correctly pass CPPFLAGS to ./configure
* Upload to unstable
curl (7.28.1-1) experimental; urgency=low
* New upstream release
* Drop 05_fix-git-over-https.patch and 08_fix-git-auth.patch
(merged upstream)
* Update 07_do-not-disable-debug-symbols.patch
* Refresh patches
* Add NEWS entry about change in CURLOPT_SSL_VERIFYHOST semantics
-- Marc Deslauriers <email address hidden> Tue, 12 Feb 2013 08:54:32 -0500
-
curl (7.28.0-3ubuntu1) raring; urgency=low
* Resynchronise with Debian. Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4 and libssh2-1-dev.
+ Drop libssh2-1-dev from binary package Depends.
- Add new libcurl3-udeb package.
- Add new curl-udeb package.
curl (7.28.0-3) unstable; urgency=low
* Add 07_do-not-disable-debug-symbols.patch, do not pass --enable-debug
anymore (Closes: #683103)
* Update 05_fix-git-over-https.patch to reflect new upstream patch
* Add 08_fix-git-auth.patch to fix HTTPS authentication (Closes: #690764)
-- Colin Watson <email address hidden> Wed, 28 Nov 2012 17:56:05 +0000
-
curl (7.28.0-2ubuntu2) raring; urgency=low
* Turn debian/libcurl3-udeb.install and debian/libcurl3-udeb.links back
into symlinks.
-- Colin Watson <email address hidden> Wed, 31 Oct 2012 10:55:24 +0000
-
curl (7.28.0-2ubuntu1) raring; urgency=low
* Resynchronise with Debian. Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4 and libssh2-1-dev.
+ Drop libssh2-1-dev from binary package Depends.
- Add new libcurl3-udeb package.
- Add new curl-udeb package.
curl (7.28.0-2) unstable; urgency=low
* Add 05_fix-git-over-https.patch (Closes: #690551)
* Add 06_always-disable-valgrind.patch (Closes: #690968)
curl (7.28.0-1) unstable; urgency=low
* New upstream release
- gnutls: do not fail on non-fatal handshake errors (Closes: #685402)
* Remove versioned build depends on libssh2 (already in stable)
* Bump Standards-Version to 3.9.4 (no changes needed)
* Refresh 01_runtests_gdb.patch
* Update *.symbols files
* Build depend on ca-certifcates to avoid test failure
-- Colin Watson <email address hidden> Wed, 31 Oct 2012 06:51:15 +0000
-
curl (7.27.0-1ubuntu1) quantal; urgency=low
* Resynchronise with Debian. Remaining changes:
- Drop dependencies not in main:
+ Build-Depends: Drop stunnel4 and libssh2-1-dev.
+ Drop libssh2-1-dev from binary package Depends.
- Add new libcurl3-udeb package.
- Add new curl-udeb package.
curl (7.27.0-1) unstable; urgency=low
* New upstream release
* Update upstream copyright
* Refresh 01_runtests_gdb.patch, 90_gnutls.patch and 99_nss.patch
-- Colin Watson <email address hidden> Mon, 20 Aug 2012 13:54:01 +0100