Format: 1.8 Date: Fri, 05 Aug 2016 11:17:47 -0400 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: arm64 Version: 7.47.0-1ubuntu2.1 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.47.0-1ubuntu2.1) xenial-security; urgency=medium . * SECURITY UPDATE: TLS session resumption client cert bypass - debian/patches/CVE-2016-5419.patch: switch off SSL session id when client cert is used in lib/url.c, lib/urldata.h, lib/vtls/vtls.c. - CVE-2016-5419 * SECURITY UPDATE: re-using connections with wrong client cert - debian/patches/CVE-2016-5420.patch: only reuse connections with the same client cert in lib/vtls/vtls.c. - CVE-2016-5420 * SECURITY UPDATE: use of connection struct after free - debian/patches/CVE-2016-5421.patch: clear connection pointer for easy handles in lib/multi.c. - CVE-2016-5421 Checksums-Sha1: 0c2ecfe64f2f086dbd49ddfc9af3fdc7ed475c39 1088 curl-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 835e0398140ddc1f653e473926bf6bd8594d5a04 132710 curl_7.47.0-1ubuntu2.1_arm64.deb a462aee178240f07109cff3ca513d73a15b73330 3561516 libcurl3-dbg_7.47.0-1ubuntu2.1_arm64.deb e88a97447d36b446d3752c7ca1c22d269a46ad3c 1204 libcurl3-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb e9c6d615bc126852cd6eec7297c93461959c2c33 1208 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb dc76bc41731c18a01ef638e7426e8f15ce6929aa 151016 libcurl3-gnutls_7.47.0-1ubuntu2.1_arm64.deb 6f734c7f916afbf43ae72731d58d4ef41220217c 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 1b62cb07733bf30302df807027b470934f17c2c6 156884 libcurl3-nss_7.47.0-1ubuntu2.1_arm64.deb 73940148a934a8e8166e60b7484232edca4efe14 153000 libcurl3_7.47.0-1ubuntu2.1_arm64.deb 51851aff36d459390dd2647d448d1f0237932f45 1294 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb a0caccffc6c35e314578bcc604fef054afb26e12 234188 libcurl4-gnutls-dev_7.47.0-1ubuntu2.1_arm64.deb fedeef7a72f1fc6ebe4691027d2eac8845976965 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb de7d5bb2ab69b4e830430327117a8bedc848cf17 240368 libcurl4-nss-dev_7.47.0-1ubuntu2.1_arm64.deb 2c8399436a62d7ed039074daae130110784e8b10 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 0327fd1eda4438036293af83c8ae28cda58d566d 235818 libcurl4-openssl-dev_7.47.0-1ubuntu2.1_arm64.deb Checksums-Sha256: 20e172b4bc3dd3e4a3d495bcc164a38a825f0f07340d374c40aa19ff1445045d 1088 curl-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 42103a885fce2fc2ddbd83aadf4d3347fb9cba118b267d231ccc63bcb4d5cad7 132710 curl_7.47.0-1ubuntu2.1_arm64.deb 5a72c013a498bd6de8e34777bfa4f2a66313fd5c0f2b10af3c9780cf59886185 3561516 libcurl3-dbg_7.47.0-1ubuntu2.1_arm64.deb e80652f02c77ca7fc8445906e488cb10a7acd9c13c0eedeb6d40f7775098b7f2 1204 libcurl3-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb bffa67661a810326840d70e1311a824812cbbf3e6386d5a396faa50c3dbe0391 1208 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 8ff4f29ab1d181742bd55e55f01279fa231a4c3e1426e1e8115140929f8a500b 151016 libcurl3-gnutls_7.47.0-1ubuntu2.1_arm64.deb ed6999f5e9f3e1e9da426d501f5a269fe3cfc3cfe2621e2994545edde15ce5f3 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 84b04be0ccdb72bb3d924a19ecd955dfdd79760893093650d53e8b089e094e36 156884 libcurl3-nss_7.47.0-1ubuntu2.1_arm64.deb 1acdc98ac2e6ef53c8551ae320829a3a75bb9b0f7d2a8d871bcd121582e24164 153000 libcurl3_7.47.0-1ubuntu2.1_arm64.deb e9340a97a5708dfa8a9aa5f3b308b0d6427d9c5703e7aef654379a32b20f7954 1294 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 849fa399b9b94e08a911cde26599ea0fbf889ac80fe95ba8a4625f8b61c2fea8 234188 libcurl4-gnutls-dev_7.47.0-1ubuntu2.1_arm64.deb 43931e8bb8889ec5666dafb99bc87c14b9eaa8342a7e90f4f95beedf2e04996f 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 45ac0cd2f60c592ba4af049b659061cef3dd59f1cbba0cae1c271e2667780877 240368 libcurl4-nss-dev_7.47.0-1ubuntu2.1_arm64.deb 6014e67d68b04fe1876c3f3f87d79c056fcf9630840968f7e36336cbf31792d2 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 3479225de45b80a994e31f203d90f561bfc950295f8ceeda99d9a35a7e819894 235818 libcurl4-openssl-dev_7.47.0-1ubuntu2.1_arm64.deb Files: 65c42428624b1d85109f6ae84982dd96 1088 web extra curl-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 85c63608ab22d05fa83eeca10897ea68 132710 web optional curl_7.47.0-1ubuntu2.1_arm64.deb 928e7f36d7cc2f46c973cc19fa3767b4 3561516 debug extra libcurl3-dbg_7.47.0-1ubuntu2.1_arm64.deb 728c2dc3028bfaf026eb2a38cc9a0717 1204 libs extra libcurl3-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 6fe07c8707b238d6e92440fc3f2cacb7 1208 libs extra libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 045d1e6a6881eb08377b14bd686b38aa 151016 libs optional libcurl3-gnutls_7.47.0-1ubuntu2.1_arm64.deb 5f5dd325331ad206987de04e700e191a 1206 libs extra libcurl3-nss-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 1a3f75a0af2e912e127b6462a1dbf980 156884 libs optional libcurl3-nss_7.47.0-1ubuntu2.1_arm64.deb 433389a4345fe29d42643a73604c80b4 153000 libs optional libcurl3_7.47.0-1ubuntu2.1_arm64.deb 32ad4d82bd4706d625569708aa0ce699 1294 libdevel extra libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb 79bda21fa1f0f746bf174842daf9636a 234188 libdevel optional libcurl4-gnutls-dev_7.47.0-1ubuntu2.1_arm64.deb 15bc2992cb85e22698359f4614958a74 1288 libdevel extra libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb e998f0abaee528e259df0bd62f7b3b0c 240368 libdevel optional libcurl4-nss-dev_7.47.0-1ubuntu2.1_arm64.deb 88e919cc1d9cc64e1548c11cc66ea7c5 1292 libdevel extra libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.1_arm64.ddeb f6369d61c0c9e228689aab406f12bd95 235818 libdevel optional libcurl4-openssl-dev_7.47.0-1ubuntu2.1_arm64.deb Original-Maintainer: Alessandro Ghedini