Format: 1.8
Date: Wed, 02 Nov 2016 14:24:49 -0400
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: arm64
Version: 7.47.0-1ubuntu2.2
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 curl - command line tool for transferring data with URL syntax
 libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.47.0-1ubuntu2.2) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
     - debian/patches/CVE-2016-7141.patch: refuse previously loaded certificate from file in lib/vtls/nss.c.
     - CVE-2016-7141
   * SECURITY UPDATE: curl escape and unescape integer overflows
     - debian/patches/CVE-2016-7167.patch: deny negative string length inputs in lib/escape.c.
     - CVE-2016-7167
   * SECURITY UPDATE: cookie injection for other servers
     - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in lib/cookie.c.
     - CVE-2016-8615
   * SECURITY UPDATE: case insensitive password comparison
     - debian/patches/CVE-2016-8616.patch: use case sensitive user/password comparisons in lib/url.c.
     - CVE-2016-8616
   * SECURITY UPDATE: OOB write via unchecked multiplication
     - debian/patches/CVE-2016-8617.patch: check for integer overflow on large input in lib/base64.c.
     - CVE-2016-8617
   * SECURITY UPDATE: double-free in curl_maprintf
     - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing allocation in lib/mprintf.c.
     - CVE-2016-8618
   * SECURITY UPDATE: double-free in krb5 code
     - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
     - CVE-2016-8619
   * SECURITY UPDATE: glob parser write/read out of bounds
     - debian/patches/CVE-2016-8620.patch: stay within bounds in src/tool_urlglob.c.
     - CVE-2016-8620
   * SECURITY UPDATE: curl_getdate read out of bounds
     - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in lib/parsedate.c, added tests to tests/data/test517, tests/libtest/lib517.c.
     - CVE-2016-8621
   * SECURITY UPDATE: URL unescape heap overflow via integer truncation
     - debian/patches/CVE-2016-8622.patch: avoid integer overflow in lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
     - CVE-2016-8622
   * SECURITY UPDATE: Use-after-free via shared cookies
     - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies in lib/cookie.c, lib/cookie.h, lib/http.c.
     - CVE-2016-8623
   * SECURITY UPDATE: invalid URL parsing with #
     - debian/patches/CVE-2016-8624.patch: accept # as end of host name in lib/url.c.
     - CVE-2016-8624
Original-Maintainer: Alessandro Ghedini