Format: 1.8 Date: Mon, 29 Jan 2018 16:06:08 -0300 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: amd64 all Version: 7.47.0-1ubuntu2.6 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Leonidas S. Barbosa Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.47.0-1ubuntu2.6) xenial-security; urgency=medium . * SECURITY UPDATE: Out of bounds read in code handling HTTP/2 - debian/patches/CVE-2018-1000005.patch: fix incorrect trailer buffer size in lib/http2.c. - CVE-2018-1000005 * SECURITY UPDATE: leak authentication data - debian/patches/CVE-2018-1000007.patch: prevent custom authorization headers in redirects in lib/http.c, lib/url.c, lib/urldata.h, tests/data/Makefile.in, tests/data/test317, tests/data/test318. - CVE-2018-1000007 Checksums-Sha1: 827cf6dd114d1aa3eb7bed5bfb59f94d85c7b565 1086 curl-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb a9fea1d30d218c5d4be747975d6f3d7adf1dc165 138468 curl_7.47.0-1ubuntu2.6_amd64.deb 92ecc321b7749657b6bb6a088035a034c6a90a3f 3504634 libcurl3-dbg_7.47.0-1ubuntu2.6_amd64.deb 3bef38eccfe0a55af97177141e361f633a05b780 1202 libcurl3-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 5ca01511353587bad1acad9f120bce5f4f955aee 1208 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 8c9e02c772286b07284e5adc8d0aa5e6b83daf80 184348 libcurl3-gnutls_7.47.0-1ubuntu2.6_amd64.deb 8a6e5d06fb7a3fa978ea152c762e100393a7be71 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 37e7000cb2327f0ec9dde84b85259a19752e426b 190968 libcurl3-nss_7.47.0-1ubuntu2.6_amd64.deb 2716078b3e7384bb82f4c6bbd22f5c1987292778 186706 libcurl3_7.47.0-1ubuntu2.6_amd64.deb aeb05df977d5662b068d0514b931b088a7f56824 1157856 libcurl4-doc_7.47.0-1ubuntu2.6_all.deb 34bf801e9d620575328df17c0727dd1134132813 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 85c452edefe64e46758b735e144fb93fe09648fd 260284 libcurl4-gnutls-dev_7.47.0-1ubuntu2.6_amd64.deb 3b1827ee3c9c525d624e50a642dcf65e1309a54a 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb a45024836e657a9edbef4e02a09c2323d9bbd1f0 266948 libcurl4-nss-dev_7.47.0-1ubuntu2.6_amd64.deb f407421ba827c50d2540ca8570515e04656fd4cc 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb d6868486f214fb2983fa7661f409b2bcee9f31eb 262342 libcurl4-openssl-dev_7.47.0-1ubuntu2.6_amd64.deb Checksums-Sha256: b4ee8994913782b24ceaf77d59cd027713efeae1e24677da467f9d4a1896333d 1086 curl-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 7a01440e492e7a43d2273f128bf20e5ce430a1a87614b87bdf6479f72a77ee6a 138468 curl_7.47.0-1ubuntu2.6_amd64.deb 5da770c262746e3d5b1bdd45e06747c4da817865b14b93d7aca6771721ab77fd 3504634 libcurl3-dbg_7.47.0-1ubuntu2.6_amd64.deb ece1412bdd67bd85223eb53e3ed2af444fb9601c00b02575edbd415cf6f24def 1202 libcurl3-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 6724f44d93f2b56adfd79f8d5e3a66c6f3722c7606a1d56e6102f024d0300cfc 1208 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb dfef628184d2a9499867b57a8ce7204e45d9d28f10880c5b1822f863da38dbe9 184348 libcurl3-gnutls_7.47.0-1ubuntu2.6_amd64.deb d79665f342ea4432b9613c2638e980fee10cffebf1ba8c2d78b3b4ca89ab8a3c 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 52d306003f7b4593e50e88620f8946482e3639c16e26532dc20b7c1d217707db 190968 libcurl3-nss_7.47.0-1ubuntu2.6_amd64.deb d51243d736190c83cc29bf92b69d43260bc57485f770e428b9097d3d32e88257 186706 libcurl3_7.47.0-1ubuntu2.6_amd64.deb cb221b302a2761c0c254f5f67e2f664af627e36cf5dcc2be6a6d571f9671699f 1157856 libcurl4-doc_7.47.0-1ubuntu2.6_all.deb 7e278bca6c948ed68b6c18a802ebdfbb3749d1ddc79aea2da58c28d715e09d2b 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb c309bc2f0cc749f0b59e02ccebcf609d29cbbdd9b3746df4146eb54c5caba688 260284 libcurl4-gnutls-dev_7.47.0-1ubuntu2.6_amd64.deb edebb5d770600fd19cc2e68fa59e7eaff4b5165b6a6ca2b5d69998ebc7277490 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 88afaa627ff905c9994baa25a7edf8777287116653240321691cfa197012d37b 266948 libcurl4-nss-dev_7.47.0-1ubuntu2.6_amd64.deb 167ed2e122fe43a0075cc8c0fc16b975de17974ddc41d79683d26b515c46f70b 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 8a9ee1733b3889a5e2ec500c6e8e51a3b92aff486d442f9ecbfbae1ba5db324a 262342 libcurl4-openssl-dev_7.47.0-1ubuntu2.6_amd64.deb Files: ce7e04b0cb761c4a057913d2b7e10b12 1086 web extra curl-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 97901809e7758f430d0f7d5ae25e3619 138468 web optional curl_7.47.0-1ubuntu2.6_amd64.deb 3c8d19b28ffc59008a2101d4742461b4 3504634 debug extra libcurl3-dbg_7.47.0-1ubuntu2.6_amd64.deb 51c91fa40159c689cad31c0971951ff2 1202 libs extra libcurl3-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 760fcd54aeb1df0ff834b5f7748d9b29 1208 libs extra libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb c361cecf93c0cc8c124d983fde17fad4 184348 libs optional libcurl3-gnutls_7.47.0-1ubuntu2.6_amd64.deb 936404fd30aa7baeef38d6d223c529a1 1206 libs extra libcurl3-nss-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 6636dbcd28f5d97bde0c16c0800c6983 190968 libs optional libcurl3-nss_7.47.0-1ubuntu2.6_amd64.deb 9fa6ecff1c3a67952778ee4e1f634a9b 186706 libs optional libcurl3_7.47.0-1ubuntu2.6_amd64.deb 5f9d865f0b03540d55cb37b4c5aa9bd0 1157856 doc optional libcurl4-doc_7.47.0-1ubuntu2.6_all.deb 72d023b8f86b2c04600cd2c05f69e9a3 1292 libdevel extra libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb a7c9c24492301d2efcfa2a4e67a792fd 260284 libdevel optional libcurl4-gnutls-dev_7.47.0-1ubuntu2.6_amd64.deb 0ecbf385ef7970337998bf8a720812d5 1288 libdevel extra libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 5d40126f078c5cd021a7e7d4931e460f 266948 libdevel optional libcurl4-nss-dev_7.47.0-1ubuntu2.6_amd64.deb df10fb0c8df45121b5aac0665cb702e5 1292 libdevel extra libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.6_amd64.ddeb 5bcc09ac18bf7cada724177053e4417e 262342 libdevel optional libcurl4-openssl-dev_7.47.0-1ubuntu2.6_amd64.deb Original-Maintainer: Alessandro Ghedini