Format: 1.8
Date: Thu, 03 Nov 2016 08:03:52 -0400
Source: curl
Binary: curl curl-udeb libcurl3 libcurl3-udeb libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg
Architecture: amd64
Version: 7.22.0-3ubuntu4.17
Distribution: precise
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 curl - Get a file from an HTTP, HTTPS or FTP server
 curl-udeb - Get a file from an HTTP, HTTPS or FTP server (udeb)
 libcurl3 - Multi-protocol file transfer library (OpenSSL)
 libcurl3-dbg - libcurl compiled with debug symbols
 libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS)
 libcurl3-nss - Multi-protocol file transfer library (NSS)
 libcurl3-udeb - Multi-protocol file transfer library (OpenSSL) (udeb)
 libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS)
 libcurl4-nss-dev - Development files and documentation for libcurl (NSS)
 libcurl4-openssl-dev - Development files and documentation for libcurl (OpenSSL)
Changes:
 curl (7.22.0-3ubuntu4.17) precise-security; urgency=medium
 .
   * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
     - debian/patches/CVE-2016-7141.patch: refuse previously loaded
       certificate from file in lib/nss.c.
     - CVE-2016-7141
   * SECURITY UPDATE: curl escape and unescape integer overflows
     - debian/patches/CVE-2016-7167.patch: deny negative string length
       inputs in lib/escape.c.
     - CVE-2016-7167
   * SECURITY UPDATE: cookie injection for other servers
     - debian/patches/CVE-2016-8615.patch: ignore lines that are too long
       in lib/cookie.c.
     - CVE-2016-8615
   * SECURITY UPDATE: case insensitive password comparison
     - debian/patches/CVE-2016-8616.patch: use case sensitive
       user/password comparisons in lib/url.c.
     - CVE-2016-8616
   * SECURITY UPDATE: OOB write via unchecked multiplication
     - debian/patches/CVE-2016-8617.patch: check for integer overflow on
       large input in lib/base64.c.
     - CVE-2016-8617
   * SECURITY UPDATE: double-free in curl_maprintf
     - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
       allocation in lib/mprintf.c.
     - CVE-2016-8618
   * SECURITY UPDATE: double-free in krb5 code
     - debian/patches/CVE-2016-8619.patch: avoid realloc in
       lib/security.c.
     - CVE-2016-8619
   * SECURITY UPDATE: curl_getdate read out of bounds
     - debian/patches/CVE-2016-8621.patch: handle cut off numbers better
       in lib/parsedate.c, added tests to tests/data/test517,
       tests/libtest/lib517.c.
     - CVE-2016-8621
   * SECURITY UPDATE: URL unescape heap overflow via integer truncation
     - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
       lib/dict.c, lib/escape.c, update
       docs/libcurl/curl_easy_unescape.3.
     - CVE-2016-8622
   * SECURITY UPDATE: Use-after-free via shared cookies
     - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
       in lib/cookie.c, lib/cookie.h, lib/http.c.
     - CVE-2016-8623
   * SECURITY UPDATE: invalid URL parsing with #
     - debian/patches/CVE-2016-8624.patch: accept # as end of host name
       in lib/url.c.
     - CVE-2016-8624
Original-Maintainer: Ramakrishnan Muthukrishnan
Package-Type: udeb