Format: 1.8
Date: Mon, 25 Apr 2022 10:02:10 -0300
Source: curl
Binary: curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev
Architecture: s390x
Version: 7.68.0-1ubuntu2.10
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Leonidas Da Silva Barbosa
Description:
 curl - command line tool for transferring data with URL syntax
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.68.0-1ubuntu2.10) focal-security; urgency=medium
 .
   * SECURITY UPDATE: OAUTH2 bypass
     - debian/patches/CVE-2022-22576.patch: check sasl additional parameters for conn reuse in lib/strcase.c, lib/strcase.h, lib/url.c, lib/urldata.h, lib/vtls/vtls.c.
     - CVE-2022-22576
   * SECURITY UPDATE: Credential leak on redirect
     - debian/patches/CVE-2022-27774-1.patch: store conn_remote_port in the info struct to make it available after the connection ended in lib/connect.c, lib/urldata.h.
     - debian/patches/CVE-2022-27774-2.patch: redirects to other protocols or ports clear auth in lib/transfer.c.
     - debian/patches/CVE-2022-27774-3*.patch: adds tests to verify these fixes in tests/data/Makefile.inc, tests/data/test973, tests/data/test974, tests/data/test975, tests/data/test976.
     - CVE-2022-27774
   * SECURITY UPDATE: Bad local IPV6 connection reuse
     - debian/patches/CVE-2022-27775.patch: include the zone id in the 'bundle' hashkey in lib/conncache.c.
     - CVE-2022-27775
   * SECURITY UPDATE: Auth/cookie leak on redirect
     - debian/patches/CVE-2022-27776.patch: avoid auth/cookie on redirects same host diff port in lib/http.c, lib/urldata.h.
     - CVE-2022-27776
Original-Maintainer: Alessandro Ghedini