Format: 1.8 Date: Thu, 03 Nov 2016 08:03:52 -0400 Source: curl Binary: curl curl-udeb libcurl3 libcurl3-udeb libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg Architecture: powerpc Version: 7.22.0-3ubuntu4.17 Distribution: precise Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - Get a file from an HTTP, HTTPS or FTP server curl-udeb - Get a file from an HTTP, HTTPS or FTP server (udeb) libcurl3 - Multi-protocol file transfer library (OpenSSL) libcurl3-dbg - libcurl compiled with debug symbols libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS) libcurl3-nss - Multi-protocol file transfer library (NSS) libcurl3-udeb - Multi-protocol file transfer library (OpenSSL) (udeb) libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS) libcurl4-nss-dev - Development files and documentation for libcurl (NSS) libcurl4-openssl-dev - Development files and documentation for libcurl (OpenSSL) Changes: curl (7.22.0-3ubuntu4.17) precise-security; urgency=medium . * SECURITY UPDATE: Incorrect reuse of client certificates with NSS - debian/patches/CVE-2016-7141.patch: refuse previously loaded certificate from file in lib/nss.c. - CVE-2016-7141 * SECURITY UPDATE: curl escape and unescape integer overflows - debian/patches/CVE-2016-7167.patch: deny negative string length inputs in lib/escape.c. - CVE-2016-7167 * SECURITY UPDATE: cookie injection for other servers - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in lib/cookie.c. - CVE-2016-8615 * SECURITY UPDATE: case insensitive password comparison - debian/patches/CVE-2016-8616.patch: use case sensitive user/password comparisons in lib/url.c. - CVE-2016-8616 * SECURITY UPDATE: OOB write via unchecked multiplication - debian/patches/CVE-2016-8617.patch: check for integer overflow on large input in lib/base64.c. - CVE-2016-8617 * SECURITY UPDATE: double-free in curl_maprintf - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing allocation in lib/mprintf.c. - CVE-2016-8618 * SECURITY UPDATE: double-free in krb5 code - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c. - CVE-2016-8619 * SECURITY UPDATE: curl_getdate read out of bounds - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in lib/parsedate.c, added tests to tests/data/test517, tests/libtest/lib517.c. - CVE-2016-8621 * SECURITY UPDATE: URL unescape heap overflow via integer truncation - debian/patches/CVE-2016-8622.patch: avoid integer overflow in lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3. - CVE-2016-8622 * SECURITY UPDATE: Use-after-free via shared cookies - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies in lib/cookie.c, lib/cookie.h, lib/http.c. - CVE-2016-8623 * SECURITY UPDATE: invalid URL parsing with # - debian/patches/CVE-2016-8624.patch: accept # as end of host name in lib/url.c. - CVE-2016-8624 Checksums-Sha1: a640d071530b681af261adb9c4fb856ae8e0fe1d 137210 curl_7.22.0-3ubuntu4.17_powerpc.deb 4f3aa719df003c7fb189bc208a850e22e7ea0388 82992 curl-udeb_7.22.0-3ubuntu4.17_powerpc.udeb 296a668f51c6c76f0f904fc13298e18d76751c3f 240224 libcurl3_7.22.0-3ubuntu4.17_powerpc.deb 178117a602f10433857e8318f7eff588f188a986 144252 libcurl3-udeb_7.22.0-3ubuntu4.17_powerpc.udeb 12a199426940b7e40e69d95185efc27d7f989937 231310 libcurl3-gnutls_7.22.0-3ubuntu4.17_powerpc.deb 6415410d2cd5e41f6a31988d30e463128af8fe0a 237568 libcurl3-nss_7.22.0-3ubuntu4.17_powerpc.deb e2b278ffe1dfa14dcc78f8a6da09f3bb60050d8d 1069748 libcurl4-openssl-dev_7.22.0-3ubuntu4.17_powerpc.deb ecadcd02979dcdbc5c651fe630de0e6d5935b16e 1058488 libcurl4-gnutls-dev_7.22.0-3ubuntu4.17_powerpc.deb e2df43dc321ffbe40fdca633234730d7b22e55fe 1066202 libcurl4-nss-dev_7.22.0-3ubuntu4.17_powerpc.deb d4f58a3e95695048601f2fd510b8cbaed01a64f5 57052 libcurl3-dbg_7.22.0-3ubuntu4.17_powerpc.deb Checksums-Sha256: 3efe583b5230d7d209ac5009fdf2be0297c6df854fd1a54ba0af2818d0a0c119 137210 curl_7.22.0-3ubuntu4.17_powerpc.deb f00796a91d14b0a11aa9b7b42a439b71a6b4a456bd505dee04cb6fb923530851 82992 curl-udeb_7.22.0-3ubuntu4.17_powerpc.udeb 56c951ea3dbd7dd5717920a40a30046d01ca5ca2dedd2aff9bbdd7456e020268 240224 libcurl3_7.22.0-3ubuntu4.17_powerpc.deb df33c661031b2d13d791b60541eb8359171dc66c6c4680bc9fd1b9d804b3cf7c 144252 libcurl3-udeb_7.22.0-3ubuntu4.17_powerpc.udeb 2174b45e0de72a1aaa7fe0befbe6eb3a3736cec6504eadafc4383de92fd2046a 231310 libcurl3-gnutls_7.22.0-3ubuntu4.17_powerpc.deb 68fa247425ab4d75d4676210b020acacfdf049a04bf6fd9b299047be86e9e89f 237568 libcurl3-nss_7.22.0-3ubuntu4.17_powerpc.deb 499e99a76c58e58b3177ce52ea666ed880aa7c9c4f1f8f26a2aca6e0fc3716d7 1069748 libcurl4-openssl-dev_7.22.0-3ubuntu4.17_powerpc.deb 482b242aa1fb59d9204cbda37ffe093de14a28e19193564185ab6835b9425cc7 1058488 libcurl4-gnutls-dev_7.22.0-3ubuntu4.17_powerpc.deb ad55dee7556c088609ae6be1bdd4070e8a09c5b22f7b7c4fe1f30736a4989180 1066202 libcurl4-nss-dev_7.22.0-3ubuntu4.17_powerpc.deb 5875d2744e69c3d826b717d832afd1cdaf17fe15a240f9beb261167ca53fd331 57052 libcurl3-dbg_7.22.0-3ubuntu4.17_powerpc.deb Files: dc6e8cb9383eec8591731a91a14c9859 137210 web optional curl_7.22.0-3ubuntu4.17_powerpc.deb 75d24863e3646078bc252f5fa772c9dc 82992 debian-installer optional curl-udeb_7.22.0-3ubuntu4.17_powerpc.udeb 6338125e4014d4d1549b877e68caa545 240224 libs optional libcurl3_7.22.0-3ubuntu4.17_powerpc.deb fa87ef1d0896f65cec421c7ebf830a1a 144252 debian-installer optional libcurl3-udeb_7.22.0-3ubuntu4.17_powerpc.udeb 68643acd9e03858a97ceee5098f2753c 231310 libs optional libcurl3-gnutls_7.22.0-3ubuntu4.17_powerpc.deb 6cd9f19946b04372119b87b31c1a6039 237568 libs optional libcurl3-nss_7.22.0-3ubuntu4.17_powerpc.deb d16ef7a86c59cd898b81e4fb5212240b 1069748 libdevel optional libcurl4-openssl-dev_7.22.0-3ubuntu4.17_powerpc.deb f239d10fc8b3a7124304710e495369c6 1058488 libdevel optional libcurl4-gnutls-dev_7.22.0-3ubuntu4.17_powerpc.deb 2e6ee2046015287b257fe2c01c076467 1066202 libdevel optional libcurl4-nss-dev_7.22.0-3ubuntu4.17_powerpc.deb b46e9c00e1867c5278423567b3091210 57052 debug extra libcurl3-dbg_7.22.0-3ubuntu4.17_powerpc.deb Original-Maintainer: Ramakrishnan Muthukrishnan Package-Type: udeb