Format: 1.8 Date: Tue, 29 Jan 2019 08:44:13 -0500 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: amd64 all Version: 7.61.0-1ubuntu2.3 Distribution: cosmic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.61.0-1ubuntu2.3) cosmic-security; urgency=medium . * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read - debian/patches/CVE-2018-16890.patch: fix size check condition for type2 received data in lib/vauth/ntlm.c. - CVE-2018-16890 * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to avoid buffer overflow in lib/vauth/ntlm.c. - CVE-2019-3822 * SECURITY UPDATE: SMTP end-of-response out-of-bounds read - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in strtol in lib/smtp.c. - CVE-2019-3823 Checksums-Sha1: 22fc33611d4a0ff7541c3e321f910c412d8f0731 166220 curl-dbgsym_7.61.0-1ubuntu2.3_amd64.ddeb 7881e53026b8cf5476db052de982beff0f70c12f 11427 curl_7.61.0-1ubuntu2.3_amd64.buildinfo a8c7a5f9c4c0c7b45bc2c25cca5ae9a1afca4885 163476 curl_7.61.0-1ubuntu2.3_amd64.deb f499b1bfb770d8304dc02faf1f59236d58977d05 1489724 libcurl3-gnutls-dbgsym_7.61.0-1ubuntu2.3_amd64.ddeb 6e8898a8af5628234315e1be4247a12109507665 214896 libcurl3-gnutls_7.61.0-1ubuntu2.3_amd64.deb 7466f0ebeb0ed2e8f3e52a78ede6bd52b3257d42 1523368 libcurl3-nss-dbgsym_7.61.0-1ubuntu2.3_amd64.ddeb 1935b61f53434fd600a90de02155e1cd832891e1 220876 libcurl3-nss_7.61.0-1ubuntu2.3_amd64.deb 7e3e878aac82537ac9ad47ac9779a9f0160109e6 1498668 libcurl4-dbgsym_7.61.0-1ubuntu2.3_amd64.ddeb 30a930ff57a161586349f6370433318e73848aff 867636 libcurl4-doc_7.61.0-1ubuntu2.3_all.deb b9eb1c587eecda3e319d1f64ebd5ccbfb33945a3 296936 libcurl4-gnutls-dev_7.61.0-1ubuntu2.3_amd64.deb 7108631e77a20ace2b1196a57006a7f6a2721dbf 303460 libcurl4-nss-dev_7.61.0-1ubuntu2.3_amd64.deb 7903302a79ccf15edd7da825bb691e72cb9c1516 298516 libcurl4-openssl-dev_7.61.0-1ubuntu2.3_amd64.deb 3480165f29cd76a773c291facb893dfb59cb8cb2 216508 libcurl4_7.61.0-1ubuntu2.3_amd64.deb Checksums-Sha256: 1de89db689fc7400de14835796eca78dfef3ff00d7029eb4697c4e3792687e5a 166220 curl-dbgsym_7.61.0-1ubuntu2.3_amd64.ddeb 4120304e09f8d2e71d79cc31fc5112d788f6e7c16aabd7aa5d161989261c64ab 11427 curl_7.61.0-1ubuntu2.3_amd64.buildinfo 0ef9c1fe81d26190c8b74a19a97d6c9843f592eb02d905624918ac9679da362f 163476 curl_7.61.0-1ubuntu2.3_amd64.deb 95ac35ad95f48c709004e013280ef93e5b62e3717e31bd706ff7065ed4913a71 1489724 libcurl3-gnutls-dbgsym_7.61.0-1ubuntu2.3_amd64.ddeb 4ad9d47e4b50c3bd514c05e435c5cf6f5ea08feb360caecc3e14a998bcf9fe3b 214896 libcurl3-gnutls_7.61.0-1ubuntu2.3_amd64.deb e91c3944ed55d8bbeac63fffcb2449900ce65fbf6fd32e7174e67e1a3bde82b7 1523368 libcurl3-nss-dbgsym_7.61.0-1ubuntu2.3_amd64.ddeb 20b06ef8f38d38c9d0a3f8eeff5060f50c4e8c11c57450f19f9f03ebd75a4e89 220876 libcurl3-nss_7.61.0-1ubuntu2.3_amd64.deb 23fdf5ea16503f853f5819d235ec6ecd944268f76ec4c4fd63a7317aaca72b79 1498668 libcurl4-dbgsym_7.61.0-1ubuntu2.3_amd64.ddeb f00ea3012f2cbf661f66c05ee3369b34d968ef85811208c27a1b4b4f36c4e4b1 867636 libcurl4-doc_7.61.0-1ubuntu2.3_all.deb 375d46f293ea7389966627b04231f7a952ec4c54dce0eae60abed1d5dd35e5c2 296936 libcurl4-gnutls-dev_7.61.0-1ubuntu2.3_amd64.deb 31f09914a11c17d52890373c7f966bb7af443d6efa321ac0558ae8c106f1cf41 303460 libcurl4-nss-dev_7.61.0-1ubuntu2.3_amd64.deb 15c24b9f6faf5757a1805ae951316c81b924f9d8368b5fc8d308c913e5860cdb 298516 libcurl4-openssl-dev_7.61.0-1ubuntu2.3_amd64.deb 72ca5f3158694753265a7882ff4d3da673261a7679999655faddb33769097aa9 216508 libcurl4_7.61.0-1ubuntu2.3_amd64.deb Files: af965a814ac71505985a2dd560b793e7 166220 debug optional curl-dbgsym_7.61.0-1ubuntu2.3_amd64.ddeb 000ad455891674a645cf88c526493c01 11427 web optional curl_7.61.0-1ubuntu2.3_amd64.buildinfo 755195beda3ef2f01947d5eb735f406c 163476 web optional curl_7.61.0-1ubuntu2.3_amd64.deb e96fc3ed0a29af1d6d013d3e6c64e652 1489724 debug optional libcurl3-gnutls-dbgsym_7.61.0-1ubuntu2.3_amd64.ddeb 92bd4a991c2916a5b424420c654379e4 214896 libs optional libcurl3-gnutls_7.61.0-1ubuntu2.3_amd64.deb 1018285891d579f0dc44538e066f7a98 1523368 debug optional libcurl3-nss-dbgsym_7.61.0-1ubuntu2.3_amd64.ddeb 7f4b3d326c74e46969363f935b4c830f 220876 libs optional libcurl3-nss_7.61.0-1ubuntu2.3_amd64.deb 80e5f25893eea83d9e5a9916e4189879 1498668 debug optional libcurl4-dbgsym_7.61.0-1ubuntu2.3_amd64.ddeb 7eeab6f117e1b23e54ba6efb598e1f9c 867636 doc optional libcurl4-doc_7.61.0-1ubuntu2.3_all.deb a4c85142eca70bd86aee9ef4f4476460 296936 libdevel optional libcurl4-gnutls-dev_7.61.0-1ubuntu2.3_amd64.deb 955cf59f8926a303bf23c070bf1d9c33 303460 libdevel optional libcurl4-nss-dev_7.61.0-1ubuntu2.3_amd64.deb 92de9859e9bdee548a9a54873c6e0710 298516 libdevel optional libcurl4-openssl-dev_7.61.0-1ubuntu2.3_amd64.deb 9c06a4479406a1405f9400acd8787972 216508 libs optional libcurl4_7.61.0-1ubuntu2.3_amd64.deb Original-Maintainer: Alessandro Ghedini