Format: 1.8 Date: Fri, 05 Aug 2016 11:17:47 -0400 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: armhf Version: 7.47.0-1ubuntu2.1 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.47.0-1ubuntu2.1) xenial-security; urgency=medium . * SECURITY UPDATE: TLS session resumption client cert bypass - debian/patches/CVE-2016-5419.patch: switch off SSL session id when client cert is used in lib/url.c, lib/urldata.h, lib/vtls/vtls.c. - CVE-2016-5419 * SECURITY UPDATE: re-using connections with wrong client cert - debian/patches/CVE-2016-5420.patch: only reuse connections with the same client cert in lib/vtls/vtls.c. - CVE-2016-5420 * SECURITY UPDATE: use of connection struct after free - debian/patches/CVE-2016-5421.patch: clear connection pointer for easy handles in lib/multi.c. - CVE-2016-5421 Checksums-Sha1: 0392f899518a950aa3e777f47248d17f11d7382e 1088 curl-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 90f21d49fea711ffb6b650cc64df308cbc50a6d1 134944 curl_7.47.0-1ubuntu2.1_armhf.deb b05937549a33688217ae8e668c3b560f8e2a438f 3422622 libcurl3-dbg_7.47.0-1ubuntu2.1_armhf.deb a9ca47962abb5cd6d8bb8dd05ac6f6467b1f64e2 1204 libcurl3-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb a05b5ce98fe01b9f44664182a82e46f85eb666ab 1208 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 1b4ec6263aa271efb0cabba3239d1c2f3348b7f5 158248 libcurl3-gnutls_7.47.0-1ubuntu2.1_armhf.deb 0fe53be18dc307d3573d2b734f62482047ff9e10 1208 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb b330cec696eeafc0d552d5ebd8a0af2bba59d166 164600 libcurl3-nss_7.47.0-1ubuntu2.1_armhf.deb a47f3ca5917876f7695ca2d001f6de41c6a1b84e 161050 libcurl3_7.47.0-1ubuntu2.1_armhf.deb 6aa20eb401074e6dd3a02b9197960726df51e651 1294 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 98d14027b8efccde155401d2ac466722d94c5f71 238620 libcurl4-gnutls-dev_7.47.0-1ubuntu2.1_armhf.deb bb220cee9b65be7ea74e5c1ee81515f1ec69e0c7 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 56fc052286fd593f746d209c025e5d563f36c6c6 244816 libcurl4-nss-dev_7.47.0-1ubuntu2.1_armhf.deb c4aab1a3a50cdabe8f87257f110a810037d6af6f 1294 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 20c3bfd6e58ee08d349939cf6a65cffd43ca25dd 240806 libcurl4-openssl-dev_7.47.0-1ubuntu2.1_armhf.deb Checksums-Sha256: 57bf3b057b392ee771303383d31689a1897814b2981dc8922824a9adc3d3671d 1088 curl-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 27c5a835675c6ec1f23629119eecf680c3b9eedf597222ac3f3ee09bf59ab994 134944 curl_7.47.0-1ubuntu2.1_armhf.deb 14f9835279a343b9c4c5bbf8f708569ee5e4252c515911392185bbdbf06a25f1 3422622 libcurl3-dbg_7.47.0-1ubuntu2.1_armhf.deb 59c7658aa3879dcc56086f9d02ae44856a7216ed24cb49cb8be94d1d243d2355 1204 libcurl3-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 8901c3f5b29d79dd92c934f32b0451ea9e725f0caabffd900d80a3ffad7c6e57 1208 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 991ce851df9df3bf7084460620b6ce2b02a0b47ff42f9e9769a1b5a81c5c4585 158248 libcurl3-gnutls_7.47.0-1ubuntu2.1_armhf.deb ebe821180570c25cc82fa3d7333e47884f217f753568eb4fe21b3496fb42a94a 1208 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 1f740305ec7e3a9ecc8845330a7aacb8d39cd776115ae3479d0a7f9b40a73985 164600 libcurl3-nss_7.47.0-1ubuntu2.1_armhf.deb 7b4b36acb25d6be3fe355d908e6f2cf5ec85774c8fa719fa01b3d6d2d6ed29ea 161050 libcurl3_7.47.0-1ubuntu2.1_armhf.deb 40fd34d4a5394b69eacd907b3bba1cac5a1903e32514603ae41d99b4821ecb52 1294 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb d000dabdda937d1cbc5b9a830656b68c9d62a06ff373d640858702a6481db3e7 238620 libcurl4-gnutls-dev_7.47.0-1ubuntu2.1_armhf.deb 52cc4a498f3d9187c4e6b25b83819cb7d2a64250c595377098b565936fae616e 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb a211494ac930640cf8eb71813e691fc61dfd4cb840a53d29390e876de48a506d 244816 libcurl4-nss-dev_7.47.0-1ubuntu2.1_armhf.deb df379b4a9c7d6e46fffaad963a54e3c8d4aab9fe221d6e522dd15297200c1f4a 1294 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb e0e725774d4ab8b2539aa5639ba18a316f6085ddab286dda9a6343062395f3a9 240806 libcurl4-openssl-dev_7.47.0-1ubuntu2.1_armhf.deb Files: 4751bd00d33349dccd0dae3acc97440f 1088 web extra curl-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 85beaff626cc8fda44824095a86436bd 134944 web optional curl_7.47.0-1ubuntu2.1_armhf.deb 18f6cd2abb3502e1b8f9ebf7f60af374 3422622 debug extra libcurl3-dbg_7.47.0-1ubuntu2.1_armhf.deb 29da166b7e849f6b7e1d833b5f7952ec 1204 libs extra libcurl3-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 2cab3af055e6758a6d221ba2c22243e4 1208 libs extra libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 3248a6df1997538af64f3319650eeea6 158248 libs optional libcurl3-gnutls_7.47.0-1ubuntu2.1_armhf.deb 967c510a52c0adedac5438ae967b0cf0 1208 libs extra libcurl3-nss-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb f8298e23a09c2e71d966dccf335440f5 164600 libs optional libcurl3-nss_7.47.0-1ubuntu2.1_armhf.deb 2214f1cb98fe22048ca3e480289a606c 161050 libs optional libcurl3_7.47.0-1ubuntu2.1_armhf.deb b27db5b25e0a63de7c52330c3a002b47 1294 libdevel extra libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 265d85f1d98a31ba763844f0ef40ce52 238620 libdevel optional libcurl4-gnutls-dev_7.47.0-1ubuntu2.1_armhf.deb c41769223d8d0b68db013b6d3a8f5d67 1288 libdevel extra libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 20add7c4c9dce0163719b59532043762 244816 libdevel optional libcurl4-nss-dev_7.47.0-1ubuntu2.1_armhf.deb b65a6d25f00e51a01262009e90103ef0 1294 libdevel extra libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.1_armhf.ddeb 9ea8ee8ebdd5c6e7cf2a99fdc3067d04 240806 libdevel optional libcurl4-openssl-dev_7.47.0-1ubuntu2.1_armhf.deb Original-Maintainer: Alessandro Ghedini