Format: 1.8
Date: Mon, 25 Apr 2022 14:19:19 -0300
Source: curl
Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc
Architecture: ppc64el
Version: 7.58.0-2ubuntu3.17
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Leonidas Da Silva Barbosa
Description:
 curl - command line tool for transferring data with URL syntax
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.58.0-2ubuntu3.17) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: OAUTH2 bypass
     - debian/patches/CVE-2022-22576.patch: check sasl additional
       parameters for conn reuse in lib/strcase.c, lib/strcase.h,
       lib/url.c, lib/urldata.h, lib/vtls/vtls.c.
     - CVE-2022-22576
   * SECURITY UPDATE: Credential leak on redirect
     - debian/patches/CVE-2022-27774-1.patch: store conn_remote_port
       in the info struct to make it available after the connection ended
       in lib/connect.c, lib/urldata.h.
     - debian/patches/CVE-2022-27774-2.patch: redirects to other protocols
       or ports clear auth in lib/transfer.c.
     - debian/patches/CVE-2022-27774-3*.patch: adds tests to verify
       these fixes in tests/data/Makefile.inc, tests/data/test973,
       tests/data/test974, tests/data/test975, tests/data/test976.
     - CVE-2022-27774
   * SECURITY UPDATE: Bad local IPV6 connection reuse
     - debian/patches/CVE-2022-27775.patch: include the zone id in the
       'bundle' hashkey in lib/conncache.c.
     - CVE-2022-27775
   * SECURITY UPDATE: Auth/cookie leak on redirect
     - debian/patches/CVE-2022-27776.patch: avoid auth/cookie on redirects
       same host diff port in lib/http.c, lib/urldata.h.
     - CVE-2022-27776
Original-Maintainer: Alessandro Ghedini