Format: 1.8
Date: Wed, 04 Oct 2017 08:52:42 -0400
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: arm64
Version: 7.47.0-1ubuntu2.3
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 curl - command line tool for transferring data with URL syntax
 libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.47.0-1ubuntu2.3) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: printf floating point buffer overflow
     - debian/patches/CVE-2016-9586.patch: fix floating point buffer
       overflow issues in lib/mprintf.c, added test to
       tests/data/test557, tests/libtest/lib557.c.
     - CVE-2016-9586
   * SECURITY UPDATE: TFTP sends more than buffer size
     - debian/patches/CVE-2017-1000100.patch: reject file name lengths
       that don't fit in lib/tftp.c.
     - CVE-2017-1000100
   * SECURITY UPDATE: URL globbing out of bounds read
     - debian/patches/CVE-2017-1000101.patch: do not continue parsing
       after a strtoul() overflow range in src/tool_urlglob.c, added test
       to tests/data/Makefile.inc, tests/data/test1289.
     - CVE-2017-1000101
   * SECURITY UPDATE: FTP PWD response parser out of bounds read
     - debian/patches/CVE-2017-1000254.patch: zero terminate the entry
       path even on bad input in lib/ftp.c, added test to
       tests/data/Makefile.inc, tests/data/test1152.
     - CVE-2017-1000254
   * SECURITY UPDATE: --write-out out of buffer read
     - debian/patches/CVE-2017-7407-1.patch: fix a buffer read overrun in
       src/tool_writeout.c added test to tests/data/Makefile.inc,
       tests/data/test1440, tests/data/test1441.
     - debian/patches/CVE-2017-7407-2.patch: check for end of input in
       src/tool_writeout.c added test to tests/data/Makefile.inc,
       tests/data/test1442.
     - CVE-2017-7407
Original-Maintainer: Alessandro Ghedini