Format: 1.8 Date: Wed, 14 Mar 2018 09:04:46 -0400 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: powerpc Version: 7.47.0-1ubuntu2.7 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.47.0-1ubuntu2.7) xenial-security; urgency=medium . * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write - debian/patches/CVE-2018-1000120-pre1.patch: avoid using curl_easy_unescape() internally in lib/ftp.c. - debian/patches/CVE-2018-1000120-pre2.patch: URL decode path for dir listing in nocwd mode in lib/ftp.c, add test to tests/*. - debian/patches/CVE-2018-1000120-pre3.patch: remove dead code in ftp_done in lib/ftp.c. - debian/patches/CVE-2018-1000120-pre4.patch: don't clobber the passed in error code in lib/ftp.c. - debian/patches/CVE-2018-1000120.patch: reject path components with control codes in lib/ftp.c, add test to tests/*. - CVE-2018-1000120 * SECURITY UPDATE: LDAP NULL pointer dereference - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber() results for NULL before using in lib/openldap.c. - CVE-2018-1000121 * SECURITY UPDATE: RTSP RTP buffer over-read - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't go beyond buffer end in lib/transfer.c. - CVE-2018-1000122 Checksums-Sha1: 1b01a9d838ec847c11848a9850afc8bda2d0a5cd 1086 curl-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 6f4c3e03571ec3b3ef0f27f02e6d762592167cb7 135278 curl_7.47.0-1ubuntu2.7_powerpc.deb bd6150189e3cf47d3d15590e0ba08dadd930b350 3605492 libcurl3-dbg_7.47.0-1ubuntu2.7_powerpc.deb 777d1366954f9dac89653766eb12a39d882ce870 1206 libcurl3-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 6601136d924f85b7a7a798eee5ad28b49c907ec2 1210 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 3fbf290d71632c83eb66f04a3ba5e183e8ab0572 168270 libcurl3-gnutls_7.47.0-1ubuntu2.7_powerpc.deb 08c21f4aa228732ca446eec0799a4608cdf51765 1204 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 0a72813cfd17582192df7200852b36ee8cb34faf 174226 libcurl3-nss_7.47.0-1ubuntu2.7_powerpc.deb 0f01fa75cc29d0cefe6b29cc38e01207112a6034 170536 libcurl3_7.47.0-1ubuntu2.7_powerpc.deb 0b6758bb66f990faa406feac44c724f99c6b338d 1290 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 4e0b3302f121cd0394977c689ebbce2a4a8db19d 234698 libcurl4-gnutls-dev_7.47.0-1ubuntu2.7_powerpc.deb f569c581bd25c783c126da30af32d5addd8e5fdc 1286 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 847c9e5cabadb723a8760d2ace93ca3462447e68 240780 libcurl4-nss-dev_7.47.0-1ubuntu2.7_powerpc.deb 1d3cf5684a7771d971388638832a0687e880b229 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 56a7b99b49f01062752c6a2d7730121e4f4ab888 235840 libcurl4-openssl-dev_7.47.0-1ubuntu2.7_powerpc.deb Checksums-Sha256: 59979ffa16976e2b8a273d09c799e0316b7bfa7691bb879f0ee84010bcf3c80e 1086 curl-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb bf91087515113c41c7005f0994a2fbb024ff334c9636cbb2786a2fde5e082d36 135278 curl_7.47.0-1ubuntu2.7_powerpc.deb bd115f6040bf8f9892fabd89454dc2c86166170faf8997035312e5a700a816eb 3605492 libcurl3-dbg_7.47.0-1ubuntu2.7_powerpc.deb b1c0b0f99e91f41249c16aaa3cea3ab7be71d43dde852f316a28e9127d296798 1206 libcurl3-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 67edb75ce002d35ad7d916662ccadd4ab2c7c1d4da2bdc562e6743050e455adc 1210 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 24d961917bf4555ef3ba646294e1564748544ce5c4e2eff7c7595fa17b755f2a 168270 libcurl3-gnutls_7.47.0-1ubuntu2.7_powerpc.deb 52030d6984d12c4c3d6e12e1403de5d800b971c11ba2aca3340fdeab7ab9b430 1204 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 6ee793f860a5275beed6bbd7fa3b7addf37e4f82123d3f6e0ebf7fbd2c6ac0d9 174226 libcurl3-nss_7.47.0-1ubuntu2.7_powerpc.deb 40904e69b1e6381f262eb95f7abb5290cbb4613c3a168e41d1575d31600944db 170536 libcurl3_7.47.0-1ubuntu2.7_powerpc.deb a99f1029524e8a03c7546b84a9652df82eb611cb94a59866e6cfac774d8275d4 1290 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb e16b195b9e138e384f79c39002029024b47fc84f103ed7a6f4f7157ab1e37bc7 234698 libcurl4-gnutls-dev_7.47.0-1ubuntu2.7_powerpc.deb 8530e8eeaaa816506a3f197bf09589d6fbdc3c92161348eacafd71935437eb8a 1286 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 402cf57b4768a2d69c010bcbe8934b0d0a6f77f77c801d84da8e82aabcd97cf6 240780 libcurl4-nss-dev_7.47.0-1ubuntu2.7_powerpc.deb 80b7a32bd0a3e6977d1d001d9e1c6b5ad257697ac95c3e1c06990616c97fa71f 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 1c598aca12873994869f01ce6821cc69c3d437b5e2eedef8a8657306a6c2a508 235840 libcurl4-openssl-dev_7.47.0-1ubuntu2.7_powerpc.deb Files: 887a6a499bbcf21c92b9b6527e50337e 1086 web extra curl-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 5762ce3412986a450455ec4f7e73e840 135278 web optional curl_7.47.0-1ubuntu2.7_powerpc.deb 1ca4933331b8805e123c51e5a9c5c40f 3605492 debug extra libcurl3-dbg_7.47.0-1ubuntu2.7_powerpc.deb c1586a9201dc9d950109f37dcc45c21a 1206 libs extra libcurl3-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb f42c635f1f735003e95bcfde6671747f 1210 libs extra libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 7eaa889020d3b92d8f8040aab5e5dd97 168270 libs optional libcurl3-gnutls_7.47.0-1ubuntu2.7_powerpc.deb 89fb2299944823253c2a29ecc27d3f5e 1204 libs extra libcurl3-nss-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 999ba63d9fdb3845324e4e34424e9d71 174226 libs optional libcurl3-nss_7.47.0-1ubuntu2.7_powerpc.deb 0428ff4aced34ea77308757160be6202 170536 libs optional libcurl3_7.47.0-1ubuntu2.7_powerpc.deb 37adfcc5842b5c1ddcdcfef7643ab9bc 1290 libdevel extra libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb e9b073ac8ed52e19714f99311d2af204 234698 libdevel optional libcurl4-gnutls-dev_7.47.0-1ubuntu2.7_powerpc.deb 4f0a3515eb190974597fc28e762a5167 1286 libdevel extra libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb dc495cbf7df8c2f8840476606c702408 240780 libdevel optional libcurl4-nss-dev_7.47.0-1ubuntu2.7_powerpc.deb 26c14a605dc0169c08cee73988daf984 1292 libdevel extra libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.7_powerpc.ddeb 60d3a0dd29fa4af90853933fdfc3da0d 235840 libdevel optional libcurl4-openssl-dev_7.47.0-1ubuntu2.7_powerpc.deb Original-Maintainer: Alessandro Ghedini