Format: 1.8 Date: Fri, 06 Sep 2019 15:00:31 +0930 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: arm64 Version: 7.47.0-1ubuntu2.14 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Alex Murray Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.47.0-1ubuntu2.14) xenial-security; urgency=medium . * SECURITY UPDATE: double-free when using kerberos over FTP may cause denial-of-service - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid double-free on large memory allocation failures - CVE-2019-5481 * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may cause denial-of-service or remote code-execution - debian/patches/CVE-2019-5482.patch: ensure to use the correct block size when calling recvfrom() if the server returns an OACK without specifying a block size in lib/tftp.c - CVE-2019-5482 Checksums-Sha1: f767eb2e771c108bb0d88e8c1888689e825c8e1f 1090 curl-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb 241db467688af86341aa266a04b3dbf8b6b23a06 132858 curl_7.47.0-1ubuntu2.14_arm64.deb 72934c570d69f81673f97a3e03f3cff3a3471fd5 3564490 libcurl3-dbg_7.47.0-1ubuntu2.14_arm64.deb b164ed15fd1840550d8fceca87e69e411ae22ed3 1204 libcurl3-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb ab13b15ccbc1046bab0612f30944ec4b6e21a920 1210 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb 56178ce214fa958e83d5ce18b5c7160315e64de7 152582 libcurl3-gnutls_7.47.0-1ubuntu2.14_arm64.deb 658ff77ebaabebae352459fd4b95374f33b94626 1208 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb 68b14e799717ca7c4df27bb87f192a43511b9887 157726 libcurl3-nss_7.47.0-1ubuntu2.14_arm64.deb 8ccb8f681a369d5b8bb21b999ce1e5b640f76e8e 154476 libcurl3_7.47.0-1ubuntu2.14_arm64.deb d924c8a880e58477ff5ca43eb0984b3c8c68d0a1 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb 94fa975d67bd5f65fc223902b0bbe2c1b80588cd 233610 libcurl4-gnutls-dev_7.47.0-1ubuntu2.14_arm64.deb a19e0025b88311bc792922f5865504c3021585c4 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb b8e1d7895ef1002b96888b871141820a402a94f4 239794 libcurl4-nss-dev_7.47.0-1ubuntu2.14_arm64.deb 854252bbad5227997da1acdf09ddbb00d955d4c6 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb 5f49d9144aa41d2536a0016ba69dd828b07c7c93 235238 libcurl4-openssl-dev_7.47.0-1ubuntu2.14_arm64.deb Checksums-Sha256: 4b65d60e8cd8b5a173b62088bd96a5741d5e2e13015c9478c4f6c0fddb00751d 1090 curl-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb 7c9d17bebdad4e062d543b97e8b9ee867583e8b418f80d6700a7521dc1646898 132858 curl_7.47.0-1ubuntu2.14_arm64.deb f6fab158fb329ddbe544e58d45886407ae4bb5dfba547c99ef436345af6e9162 3564490 libcurl3-dbg_7.47.0-1ubuntu2.14_arm64.deb 310d074901370eb07219996bb06112348e87b12ac4570433ad0aec8fc831659d 1204 libcurl3-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb 774a80af370d0f2c2b79f0691423abda9ad57d57f2be6a769e32bd764f44b61c 1210 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb ecb860a0c8d9c857eac4d1144a572969b9d42e6af3ccb3cabe2768474a806692 152582 libcurl3-gnutls_7.47.0-1ubuntu2.14_arm64.deb c1c551c47ef41ac75867ef768c13ad9f63a62c244bbef1177a100ed13c9e847c 1208 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb 6dfe4177bd2a4c3f0db0534df3e68bce832dbbc77de0445dda4022dbe5ec48e8 157726 libcurl3-nss_7.47.0-1ubuntu2.14_arm64.deb 0d80200ef60004f87ce7f2ec1d1ad4f3102b1616e319349b2f6edaad0bff1ec3 154476 libcurl3_7.47.0-1ubuntu2.14_arm64.deb 2044a7bcd66a44184b197f5f46ea52dd9495ac1288552f8c346af2453c13e228 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb 0a4dda729a02fda2182670c4f288446d91bfccc176bce442318022b6c9a12161 233610 libcurl4-gnutls-dev_7.47.0-1ubuntu2.14_arm64.deb 7dbf640fe127dfd8b2d10e7dbcaac415cd3acfb1e2b939edf9acfc72df6fc092 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb adb8f3411bc7786a942c65e1d97cb8838f9c26f6df66d98300e20f74f249fe4f 239794 libcurl4-nss-dev_7.47.0-1ubuntu2.14_arm64.deb 019b487261a8454321c7d19143263ebb9e013180b9a748ce553ea5deae111558 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb 45cd439221e70b0aca06f33283b850fac158d179b6b18c5e0e62be7f39436251 235238 libcurl4-openssl-dev_7.47.0-1ubuntu2.14_arm64.deb Files: a85641b0916b63f4a0d9f4c3bd3d91b6 1090 web extra curl-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb 0fa5500fa3d650256882695a59845637 132858 web optional curl_7.47.0-1ubuntu2.14_arm64.deb 6e261555940cd65884381b46876fadb9 3564490 debug extra libcurl3-dbg_7.47.0-1ubuntu2.14_arm64.deb 99c1fcd183c66dcd73e3133f21219ffe 1204 libs extra libcurl3-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb de298843f39836b4940a0bb2c7c2307d 1210 libs extra libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb 8048fa006b1d359de1cbcaad648f7895 152582 libs optional libcurl3-gnutls_7.47.0-1ubuntu2.14_arm64.deb e60b9fe5b5fc24779f12056929e0a530 1208 libs extra libcurl3-nss-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb 23faf0e1490b791009403713dd30ff0d 157726 libs optional libcurl3-nss_7.47.0-1ubuntu2.14_arm64.deb cb402c09c4e54aad2186cd55a4e5ceab 154476 libs optional libcurl3_7.47.0-1ubuntu2.14_arm64.deb 6b60be52c42148b2a801436cad18fd7e 1292 libdevel extra libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb bf55c5bf8e8e46a4901d0ad8773369b0 233610 libdevel optional libcurl4-gnutls-dev_7.47.0-1ubuntu2.14_arm64.deb 2689291e0e9f12749f774b10ba0f3a34 1288 libdevel extra libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb a1f52f95c6bd0b462b46fe37be01fe90 239794 libdevel optional libcurl4-nss-dev_7.47.0-1ubuntu2.14_arm64.deb b2e86a001ec7df3cdf8709350ea42694 1292 libdevel extra libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.14_arm64.ddeb c827e020f3608d480637146fa740edb6 235238 libdevel optional libcurl4-openssl-dev_7.47.0-1ubuntu2.14_arm64.deb Original-Maintainer: Alessandro Ghedini