Format: 1.8 Date: Mon, 29 Oct 2018 08:13:39 -0400 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: s390x Version: 7.47.0-1ubuntu2.11 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.47.0-1ubuntu2.11) xenial-security; urgency=medium . * SECURITY UPDATE: SASL password overflow via integer overflow - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in lib/curl_sasl.c. - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c. - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c. - CVE-2018-16839 * SECURITY UPDATE: warning message out-of-buffer read - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c. - CVE number pending Checksums-Sha1: 7bfdc60263755a3c3d1792ccd2f9e13da9b548eb 1088 curl-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb 2c0e151fcdccbbc35f376a8bc152c1ce79ee36b9 136896 curl_7.47.0-1ubuntu2.11_s390x.deb fca2d8af717854f89c0602ee8be1e403c873a791 3596498 libcurl3-dbg_7.47.0-1ubuntu2.11_s390x.deb 17af68597750766af1820ff82a78ab538f19c3d5 1204 libcurl3-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb 0c66c42f49e6c6f489a3bfc5a4c7d1ef2aa02f77 1212 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb 917d72f2215d62c75e6698c25b2bc492710966a5 174432 libcurl3-gnutls_7.47.0-1ubuntu2.11_s390x.deb 7572eff2b8954d05474f421a63189f2e4eac419e 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb 3a2316b670e685ddd04fe6b7d912d1eeaa97f1f0 181344 libcurl3-nss_7.47.0-1ubuntu2.11_s390x.deb 59c96ee5d05412657623f27a78d72489935d39da 176622 libcurl3_7.47.0-1ubuntu2.11_s390x.deb af0d381e1bea0eb372c0a9c322fc9bfba794315e 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb 0f3dae2bca1a05336dfd0e763fff0a042970c33b 252498 libcurl4-gnutls-dev_7.47.0-1ubuntu2.11_s390x.deb d6ebf262ee753d5737d5c147426a80ab0acd1f57 1286 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb c0de20da041acfe895eacad699b3a8595f218adf 259318 libcurl4-nss-dev_7.47.0-1ubuntu2.11_s390x.deb be95b670d65321196d1f2ffeaba68d0d72b1fb93 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb c6efb3488bbda89874b030efba1cce7439f388a6 255306 libcurl4-openssl-dev_7.47.0-1ubuntu2.11_s390x.deb Checksums-Sha256: 64ff65a510687bda50b833a0cb820249e20d3561def1938cbca0f0fa28103d8b 1088 curl-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb a6714bb3fc5eb1344562f7afe8c0e560d659b484d63cb53c203f354ee4adb819 136896 curl_7.47.0-1ubuntu2.11_s390x.deb 9cce563c1202cd34c3bdea1d9958b5e5ce915e190bd39e1f48e7ef564d75f7b0 3596498 libcurl3-dbg_7.47.0-1ubuntu2.11_s390x.deb 0dbc67fbc846f78ed4ca62bc9a6d1f90fb0b16507a253c901df682e14097c467 1204 libcurl3-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb abf97c4e4216f5074fddb1ee8a40ff7fdbf7c303b5b3ff32fe3da2768c8d0a2f 1212 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb b43a037121b7c08057cc781112fb314f6e023912427ea66682fe8c2fcea41020 174432 libcurl3-gnutls_7.47.0-1ubuntu2.11_s390x.deb b54dd54292418e363d1e77679a9562eb4b6c2f415c238ed3da6ad507a3f1a7ce 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb 32e4431aac238cf410e2ed20962f56bc46a7d1a655ad66574f2dd06a110c90a8 181344 libcurl3-nss_7.47.0-1ubuntu2.11_s390x.deb a0e4b41342d152d0066da29d55e6c91caeec240c972cbb5e771e2e1741dc885d 176622 libcurl3_7.47.0-1ubuntu2.11_s390x.deb c65fb0ec07dae82e473577cf93530d77fc49d6b066a1eeef88f20f9e0969af70 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb d2d1c3041a03fdc41b5ffe0ddcd83169cf2ccce6d95d2b96bfa56e7bcfc1cf77 252498 libcurl4-gnutls-dev_7.47.0-1ubuntu2.11_s390x.deb 7067188abe0e11019e756a0daefd4dacae7584693a3e36d57c5a6ebe30855740 1286 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb 258a985bc16c058766b80b8b5ab9c2a2b44e3328b9f33c33eb9f9f6516cfc065 259318 libcurl4-nss-dev_7.47.0-1ubuntu2.11_s390x.deb 4c9782136ec61edca80b1d87eebf0a7cf32834028424451ba54225cec0dc5b0c 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb d6c0d46ac9a0101fa41217a10149e34b2aa43f6d32469fa8771a398d9883226b 255306 libcurl4-openssl-dev_7.47.0-1ubuntu2.11_s390x.deb Files: 59a2ec249fc621588c1164eaf4124f7d 1088 web extra curl-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb 6832b1d61b1720eb7cf3fb5fc3db9e38 136896 web optional curl_7.47.0-1ubuntu2.11_s390x.deb 708a20b8a6d2217d8ce42504819c4f98 3596498 debug extra libcurl3-dbg_7.47.0-1ubuntu2.11_s390x.deb fce408baafc86daa2bd0bbe294ab6a20 1204 libs extra libcurl3-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb 611bbc2fe37a17c9429f382af091e67a 1212 libs extra libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb 95ee7f7c46b95790feefcdf459fdb137 174432 libs optional libcurl3-gnutls_7.47.0-1ubuntu2.11_s390x.deb d555bc573b8023c3de20f672e73a252e 1206 libs extra libcurl3-nss-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb b2cdd13ab0836079324b4f86c9c1dbcb 181344 libs optional libcurl3-nss_7.47.0-1ubuntu2.11_s390x.deb d8cadf4d5d404bd7b963fbbbf3a7cc9f 176622 libs optional libcurl3_7.47.0-1ubuntu2.11_s390x.deb b23b9acd7318fb740e6d06ace988f8c3 1292 libdevel extra libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb 71836749cd7555476cf9fd080f64c4a5 252498 libdevel optional libcurl4-gnutls-dev_7.47.0-1ubuntu2.11_s390x.deb ac064c9a205e3080fbc9781fa7dc623c 1286 libdevel extra libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb cd044237c7d4fc178d691fb6752e23ae 259318 libdevel optional libcurl4-nss-dev_7.47.0-1ubuntu2.11_s390x.deb c5cdb233de412225ec616c0ba21148bf 1292 libdevel extra libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.11_s390x.ddeb 53e8d92fd2c3e281682977c2f7bfaee8 255306 libdevel optional libcurl4-openssl-dev_7.47.0-1ubuntu2.11_s390x.deb Original-Maintainer: Alessandro Ghedini