Format: 1.8 Date: Fri, 06 Sep 2019 15:00:31 +0930 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: armhf Version: 7.47.0-1ubuntu2.14 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Alex Murray Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.47.0-1ubuntu2.14) xenial-security; urgency=medium . * SECURITY UPDATE: double-free when using kerberos over FTP may cause denial-of-service - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid double-free on large memory allocation failures - CVE-2019-5481 * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may cause denial-of-service or remote code-execution - debian/patches/CVE-2019-5482.patch: ensure to use the correct block size when calling recvfrom() if the server returns an OACK without specifying a block size in lib/tftp.c - CVE-2019-5482 Checksums-Sha1: f9a03ca2ef79c398780e4274bbf5a617df81b2ae 1090 curl-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 1273f77f1f9380dd1d78a6a3b165a41b3a837d36 134880 curl_7.47.0-1ubuntu2.14_armhf.deb e4af86a8f86d7c454a81a0a4a69952246c66ed67 3425452 libcurl3-dbg_7.47.0-1ubuntu2.14_armhf.deb 1e6deb8d7d3e079852e158d70fc7d281263731ca 1206 libcurl3-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 37568208fa9430e3f7979825ff35f6718b8c259f 1210 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 19dc5d9bfeb4edaeb862e870f35cfac893af2588 159370 libcurl3-gnutls_7.47.0-1ubuntu2.14_armhf.deb cbea2bf289fc3951a2a4b5c9969ff7f9cb81e7e6 1210 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 883d454bd9eee86daa603f11c517c890b35144cd 165534 libcurl3-nss_7.47.0-1ubuntu2.14_armhf.deb 6032e32af49ef8fd3caa2ca744e7ac0a800211d5 161688 libcurl3_7.47.0-1ubuntu2.14_armhf.deb da93c4e9f08db6a1cf94fe89485ebe9f8b084919 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 3104a04e3f2e00bdeba7f59ecf6921d9af988f9e 238152 libcurl4-gnutls-dev_7.47.0-1ubuntu2.14_armhf.deb dc7cbca2e7549e2ac29383a31d873290c9046954 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 47cde3694ca0d518c9c74dea79659352bc18a136 244414 libcurl4-nss-dev_7.47.0-1ubuntu2.14_armhf.deb f819d82a3f081887c22ba0291732058656994014 1294 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 0f40c662a290947b7234e502a76e8eab64f5b756 240316 libcurl4-openssl-dev_7.47.0-1ubuntu2.14_armhf.deb Checksums-Sha256: 95c1141935fb4287d653c878fe9b5e707925e929cb4c296b5dff5e72a5fa1b5b 1090 curl-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb b2bef13eb17cfd5f31a040cdb6793ab39412000e47bca8ed7ad8f304dce00c1c 134880 curl_7.47.0-1ubuntu2.14_armhf.deb ee8c37f40503cb437935f38787287ccd3dd521682cf64a83a8ce26544b47b510 3425452 libcurl3-dbg_7.47.0-1ubuntu2.14_armhf.deb 8415bc943b8374cd21f524d0cfc1ff3864d1ab099912cea63c5e19baf376f395 1206 libcurl3-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 320df7db0844ce6e77b1df20afa7607021d77c89d2ee557d55da8126704e0934 1210 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb b4c49d28740e8f700911b14d4d240b462bc13918a3723af91c300ceaaa67a610 159370 libcurl3-gnutls_7.47.0-1ubuntu2.14_armhf.deb a06bec2e01d7d2391fa9ed97f01004c42a0e4f32126f2a4020bf87c24077c9c5 1210 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb fa7624581c2513acb53cfcddbb1bbb14bc17929b858530d16708683cf2bb9135 165534 libcurl3-nss_7.47.0-1ubuntu2.14_armhf.deb 5dc0b7eab351e79d60c1fa0523d83f4d384d21fac95d2ee5d19fca7781a285d8 161688 libcurl3_7.47.0-1ubuntu2.14_armhf.deb 888ee1616236745084fee82830bf0589d77f7e1f3543677fc582aa86fe7c9fc7 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 6f185d8a67040c9b071e3c99eedded05aa42689d71f6c68a088d46194887bc45 238152 libcurl4-gnutls-dev_7.47.0-1ubuntu2.14_armhf.deb f287088ba10b0a3387b1897ac9b6105016596598925304fb158346a75ed8eaf6 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb cbebfa0faf7555b2ef624fe91ad7a0e26f9267d4dfa9a170ff7a56809962a8d5 244414 libcurl4-nss-dev_7.47.0-1ubuntu2.14_armhf.deb ef8b2169f5141c92f2d87017939b659f3cd0cb3590763b15bd7bb202092fdc01 1294 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb a8f4dafa0a6a091a7712ec2c6b92aca040f466ce2b8cfe0ca6658daf7f1516e0 240316 libcurl4-openssl-dev_7.47.0-1ubuntu2.14_armhf.deb Files: 7a5c443c58981ab395fd182139f8e431 1090 web extra curl-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 38e5b7ce8d492d756f01455facbfc48f 134880 web optional curl_7.47.0-1ubuntu2.14_armhf.deb 01b9264232f1bcbd7b446b78200b2a02 3425452 debug extra libcurl3-dbg_7.47.0-1ubuntu2.14_armhf.deb 731b816655af30a53f3992cfdc00ac6b 1206 libs extra libcurl3-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb d0af9c3e61bbf86d807a18f4579fae3c 1210 libs extra libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 2baf47af5b3d2d2bf5164339479dc922 159370 libs optional libcurl3-gnutls_7.47.0-1ubuntu2.14_armhf.deb 1970fc2d45ed2386600f8ae8a8a38b68 1210 libs extra libcurl3-nss-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 84791a53597edc60334c8f5f401353b3 165534 libs optional libcurl3-nss_7.47.0-1ubuntu2.14_armhf.deb 35d30ecda9db45a522d6f1e5bceca07d 161688 libs optional libcurl3_7.47.0-1ubuntu2.14_armhf.deb efedf3edc385db0401d74e33de5d6b07 1292 libdevel extra libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb bebfb4ef48ce709c069a7c33b050f8d9 238152 libdevel optional libcurl4-gnutls-dev_7.47.0-1ubuntu2.14_armhf.deb ee248ed1fa59954ad1a12ba826a65fc0 1288 libdevel extra libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 90db8522adf0baae07b2553303f9dfe3 244414 libdevel optional libcurl4-nss-dev_7.47.0-1ubuntu2.14_armhf.deb 5a85f4398b20c4f223dcce0c4a907b2d 1294 libdevel extra libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.14_armhf.ddeb 55d78d0840853682765b838873e4e3b0 240316 libdevel optional libcurl4-openssl-dev_7.47.0-1ubuntu2.14_armhf.deb Original-Maintainer: Alessandro Ghedini