Format: 1.8
Date: Wed, 02 Nov 2016 14:24:49 -0400
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: i386
Version: 7.47.0-1ubuntu2.2
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 curl - command line tool for transferring data with URL syntax
 libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.47.0-1ubuntu2.2) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
     - debian/patches/CVE-2016-7141.patch: refuse previously loaded certificate from file in lib/vtls/nss.c.
     - CVE-2016-7141
   * SECURITY UPDATE: curl escape and unescape integer overflows
     - debian/patches/CVE-2016-7167.patch: deny negative string length inputs in lib/escape.c.
     - CVE-2016-7167
   * SECURITY UPDATE: cookie injection for other servers
     - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in lib/cookie.c.
     - CVE-2016-8615
   * SECURITY UPDATE: case insensitive password comparison
     - debian/patches/CVE-2016-8616.patch: use case sensitive user/password comparisons in lib/url.c.
     - CVE-2016-8616
   * SECURITY UPDATE: OOB write via unchecked multiplication
     - debian/patches/CVE-2016-8617.patch: check for integer overflow on large input in lib/base64.c.
     - CVE-2016-8617
   * SECURITY UPDATE: double-free in curl_maprintf
     - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing allocation in lib/mprintf.c.
     - CVE-2016-8618
   * SECURITY UPDATE: double-free in krb5 code
     - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
     - CVE-2016-8619
   * SECURITY UPDATE: glob parser write/read out of bounds
     - debian/patches/CVE-2016-8620.patch: stay within bounds in src/tool_urlglob.c.
     - CVE-2016-8620
   * SECURITY UPDATE: curl_getdate read out of bounds
     - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in lib/parsedate.c, added tests to tests/data/test517, tests/libtest/lib517.c.
     - CVE-2016-8621
   * SECURITY UPDATE: URL unescape heap overflow via integer truncation
     - debian/patches/CVE-2016-8622.patch: avoid integer overflow in lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
     - CVE-2016-8622
   * SECURITY UPDATE: Use-after-free via shared cookies
     - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies in lib/cookie.c, lib/cookie.h, lib/http.c.
     - CVE-2016-8623
   * SECURITY UPDATE: invalid URL parsing with #
     - debian/patches/CVE-2016-8624.patch: accept # as end of host name in lib/url.c.
     - CVE-2016-8624
Original-Maintainer: Alessandro Ghedini