Format: 1.8 Date: Tue, 29 Jan 2019 08:44:13 -0500 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: armhf Version: 7.61.0-1ubuntu2.3 Distribution: cosmic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.61.0-1ubuntu2.3) cosmic-security; urgency=medium . * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read - debian/patches/CVE-2018-16890.patch: fix size check condition for type2 received data in lib/vauth/ntlm.c. - CVE-2018-16890 * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to avoid buffer overflow in lib/vauth/ntlm.c. - CVE-2019-3822 * SECURITY UPDATE: SMTP end-of-response out-of-bounds read - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in strtol in lib/smtp.c. - CVE-2019-3823 Checksums-Sha1: bc5202dc573fc960a35f18efc8e5c1ab61ea77d8 163240 curl-dbgsym_7.61.0-1ubuntu2.3_armhf.ddeb 0c86bbfe7f47e28c8ffb8f7bd974e0520e02f8a5 10994 curl_7.61.0-1ubuntu2.3_armhf.buildinfo 151989e1a2ef57c126cdb2c5da36bdf06f772b70 156388 curl_7.61.0-1ubuntu2.3_armhf.deb 34f0c02f2b8e0f4a5d9757d66d2984c277541756 1463836 libcurl3-gnutls-dbgsym_7.61.0-1ubuntu2.3_armhf.ddeb c9ad4620be2baedb12ba868260ed1e99032acecc 183192 libcurl3-gnutls_7.61.0-1ubuntu2.3_armhf.deb f251ae05c7124c08be9034e3005f34c40ee7e657 1497436 libcurl3-nss-dbgsym_7.61.0-1ubuntu2.3_armhf.ddeb 9ee2e8d094381e0feb1eca87888230e8d9cbaac2 188912 libcurl3-nss_7.61.0-1ubuntu2.3_armhf.deb 9a138a15b9c8abda631a03fcbaf0fdcac8dba5c7 1469492 libcurl4-dbgsym_7.61.0-1ubuntu2.3_armhf.ddeb f312fe637ccf7ceb1eca1822ed941e05ed128d80 271264 libcurl4-gnutls-dev_7.61.0-1ubuntu2.3_armhf.deb 0027f510bbd71342a538bf5785ee7da8d871af00 277368 libcurl4-nss-dev_7.61.0-1ubuntu2.3_armhf.deb c204ac905f1b057b22f0c00ae2fc2faaf45fcf77 272908 libcurl4-openssl-dev_7.61.0-1ubuntu2.3_armhf.deb 990a67e3f6b018682b67cc0af50bda237f050dbf 184892 libcurl4_7.61.0-1ubuntu2.3_armhf.deb Checksums-Sha256: 919a8cd95564d149182024906f3b23d053cf06dad42f45a9c4ef242f4ffc00a2 163240 curl-dbgsym_7.61.0-1ubuntu2.3_armhf.ddeb 2203ecd3f5bfb3fe85df45a0afeb9248cca8ca72c33c9b3321e7e26364dfae97 10994 curl_7.61.0-1ubuntu2.3_armhf.buildinfo 3183f7eb25649244a2ad7b302b45c0cd4d36491d3aabb82dfb336b92ed3b1c3c 156388 curl_7.61.0-1ubuntu2.3_armhf.deb 5be6faf3b24ef009108f011a1a7a0167381ad014b4edcad956dba9de3004b060 1463836 libcurl3-gnutls-dbgsym_7.61.0-1ubuntu2.3_armhf.ddeb 23195b11c0f3371ebf83c775a31030d76a4f3bd7b0c0717bb1b2b7250d4d62ce 183192 libcurl3-gnutls_7.61.0-1ubuntu2.3_armhf.deb 4b7e8d6e59d70e74d4870f18b7873d528382f635ebab3ec9e21a308a865ea1cf 1497436 libcurl3-nss-dbgsym_7.61.0-1ubuntu2.3_armhf.ddeb ae9dc1d124681e5025f142855b61d20efd262867773fb2c6b0b18c050236ede5 188912 libcurl3-nss_7.61.0-1ubuntu2.3_armhf.deb 83c73c0bd65c806a4a2828b83c12c1a690437dd58dcdb2d6cf03f4cf21dd0a5b 1469492 libcurl4-dbgsym_7.61.0-1ubuntu2.3_armhf.ddeb f25762d456f008bdffa69c2981a2a40c8192f3882e9141e76876460d5f18f326 271264 libcurl4-gnutls-dev_7.61.0-1ubuntu2.3_armhf.deb ee6ed043392ff9391e6cfa4207db8f6756170bbb31de1655d73750d4fe713317 277368 libcurl4-nss-dev_7.61.0-1ubuntu2.3_armhf.deb c171114fb13c6b1ee60840703da4e42636940cc4856477baed1512e8c730dc39 272908 libcurl4-openssl-dev_7.61.0-1ubuntu2.3_armhf.deb 7994efb134690db61baf56b94ea71541f8fd138c5fcb6082f70ebc5add2caaf9 184892 libcurl4_7.61.0-1ubuntu2.3_armhf.deb Files: 591ea034b8e3620da5bbdf782b8ea26d 163240 debug optional curl-dbgsym_7.61.0-1ubuntu2.3_armhf.ddeb f1b8cf0793d7335ce98fd97a5848804d 10994 web optional curl_7.61.0-1ubuntu2.3_armhf.buildinfo d0fb824e53762b85b7443177cfd9b168 156388 web optional curl_7.61.0-1ubuntu2.3_armhf.deb 7a7cc8bf3343ca91d99cbab104fd5153 1463836 debug optional libcurl3-gnutls-dbgsym_7.61.0-1ubuntu2.3_armhf.ddeb 20f0eabdbfc29a0fb63cb8f12e177984 183192 libs optional libcurl3-gnutls_7.61.0-1ubuntu2.3_armhf.deb 922e897b4d133e61d8a42f302af394e9 1497436 debug optional libcurl3-nss-dbgsym_7.61.0-1ubuntu2.3_armhf.ddeb f842940674e925400c95b93d3c04ab97 188912 libs optional libcurl3-nss_7.61.0-1ubuntu2.3_armhf.deb af7bf82f38150cbdc2b7786df8e2e7b6 1469492 debug optional libcurl4-dbgsym_7.61.0-1ubuntu2.3_armhf.ddeb de7310381371a3fab61d64f14a0634b7 271264 libdevel optional libcurl4-gnutls-dev_7.61.0-1ubuntu2.3_armhf.deb 809341b5f7bade5ef88556a03aa18001 277368 libdevel optional libcurl4-nss-dev_7.61.0-1ubuntu2.3_armhf.deb e1ff9f963bb45498f4695b52acb83015 272908 libdevel optional libcurl4-openssl-dev_7.61.0-1ubuntu2.3_armhf.deb 2873122624c7829478006a69ca38dbe9 184892 libs optional libcurl4_7.61.0-1ubuntu2.3_armhf.deb Original-Maintainer: Alessandro Ghedini