Format: 1.8 Date: Fri, 06 Sep 2019 14:57:21 +0930 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: ppc64el Version: 7.58.0-2ubuntu3.8 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Alex Murray Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.58.0-2ubuntu3.8) bionic-security; urgency=medium . * SECURITY UPDATE: double-free when using kerberos over FTP may cause denial-of-service - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid double-free on large memory allocation failures - CVE-2019-5481 * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may cause denial-of-service or remote code-execution - debian/patches/CVE-2019-5482.patch: ensure to use the correct block size when calling recvfrom() if the server returns an OACK without specifying a block size in lib/tftp.c - CVE-2019-5482 Checksums-Sha1: 67dac455c0a40cc4667d3969f90b27c61366983b 147208 curl-dbgsym_7.58.0-2ubuntu3.8_ppc64el.ddeb 8265799687612372db6a176b8ad4804f6b14fe74 11597 curl_7.58.0-2ubuntu3.8_ppc64el.buildinfo 17b03e7c04a569eb39402a22c1c98896270e58ca 158320 curl_7.58.0-2ubuntu3.8_ppc64el.deb 5408574e666bf45dd96b26b199b4c8c9ac30d687 1373828 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.8_ppc64el.ddeb 8674abfe2328e4871cf5df5e163d179a6243da35 217368 libcurl3-gnutls_7.58.0-2ubuntu3.8_ppc64el.deb a1f7c2e9dcd848ea4bff8bb7345f2ad306da8023 1411224 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.8_ppc64el.ddeb e42c8ec4f3008bc381d310ad7ba1e0a6517c4744 225160 libcurl3-nss_7.58.0-2ubuntu3.8_ppc64el.deb c1d0de3d8ba2ecb8902651088b00fa5ba8ede27d 1378080 libcurl4-dbgsym_7.58.0-2ubuntu3.8_ppc64el.ddeb e31786546fbdc14f97c8a80e2d1c2ced2964de02 313676 libcurl4-gnutls-dev_7.58.0-2ubuntu3.8_ppc64el.deb 495b4d6f427726aea0b36eade8d59d009ff7433b 321868 libcurl4-nss-dev_7.58.0-2ubuntu3.8_ppc64el.deb ff2b7a22ab3ee50b60e8d295ddee8b422e260b1d 310796 libcurl4-openssl-dev_7.58.0-2ubuntu3.8_ppc64el.deb 022ca9156b63feb6c3a9cb5f3c6fc0f1ccaf9c20 216876 libcurl4_7.58.0-2ubuntu3.8_ppc64el.deb Checksums-Sha256: 4e9e0f690f2bce1eef1b11450b564770e1b0b33432e20dee82db52c3143deb12 147208 curl-dbgsym_7.58.0-2ubuntu3.8_ppc64el.ddeb f0c013167b65248eb8dfbde1cb0b01a8a77b8047f26f9c70b8bfa5cb5391fba0 11597 curl_7.58.0-2ubuntu3.8_ppc64el.buildinfo be53845e3bcb2552999b1d11f98f6334ca14f4bc6302b4b0d812cbaf4f15f8da 158320 curl_7.58.0-2ubuntu3.8_ppc64el.deb 1059942546d28d7011c38cbb7681479bca0244231ffa1540512a69140e37db74 1373828 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.8_ppc64el.ddeb 028a3b2a1c108638f795cee656fda3aaa3502697678e890ebe45f22162c3d9b2 217368 libcurl3-gnutls_7.58.0-2ubuntu3.8_ppc64el.deb 7117429b06f12650677dbe634f4f59b883da893bbb329a64373211ce8124b646 1411224 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.8_ppc64el.ddeb 87611232be2a7bbe2013d9db831c0c5b397c357426efae07bf78f260e0c19053 225160 libcurl3-nss_7.58.0-2ubuntu3.8_ppc64el.deb ee5d7eff7cdc682f09c800375e96a1e9d2625c03c647d6a7ceb6e5117d8cf0be 1378080 libcurl4-dbgsym_7.58.0-2ubuntu3.8_ppc64el.ddeb a84f4917a89b2d8d34a951fe043a258754728dd00f4bf61687696689494845dd 313676 libcurl4-gnutls-dev_7.58.0-2ubuntu3.8_ppc64el.deb 2acc89f27e5df71d7251880da128183020b12da6bbf3c4da2cd814a5ef37f1a4 321868 libcurl4-nss-dev_7.58.0-2ubuntu3.8_ppc64el.deb ac4e68ddc184c945f18f8603f3a095b0f2bb99b2af01f9b1fff18dc300091c7b 310796 libcurl4-openssl-dev_7.58.0-2ubuntu3.8_ppc64el.deb 5bea5506cf34999accc945cb1fe5a54d015d4268424ee5ce8a554d4d772b706b 216876 libcurl4_7.58.0-2ubuntu3.8_ppc64el.deb Files: 6e57eca5036ae9e8998a4344898065b8 147208 debug optional curl-dbgsym_7.58.0-2ubuntu3.8_ppc64el.ddeb a29dd36300d9069c24d3f2b57fe6b6eb 11597 web optional curl_7.58.0-2ubuntu3.8_ppc64el.buildinfo f77363889d4b0202a0ce2ac8b053bee7 158320 web optional curl_7.58.0-2ubuntu3.8_ppc64el.deb 82111fdbf7f934ed60c0d6d2b12acb21 1373828 debug optional libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.8_ppc64el.ddeb 683fe7775819500b4100df88e4398fe2 217368 libs optional libcurl3-gnutls_7.58.0-2ubuntu3.8_ppc64el.deb 1c2be1598578f141bd11ca2bbbcf17fc 1411224 debug optional libcurl3-nss-dbgsym_7.58.0-2ubuntu3.8_ppc64el.ddeb 6ed0a460601d82e8cdd119ad48131bc2 225160 libs optional libcurl3-nss_7.58.0-2ubuntu3.8_ppc64el.deb 625e552f2223e9b73f9d6c68facb1ee9 1378080 debug optional libcurl4-dbgsym_7.58.0-2ubuntu3.8_ppc64el.ddeb 2e5092b4e99e44630bf9a8ed31b1348e 313676 libdevel optional libcurl4-gnutls-dev_7.58.0-2ubuntu3.8_ppc64el.deb d949fa6a9ef349b4db888f03acadfb26 321868 libdevel optional libcurl4-nss-dev_7.58.0-2ubuntu3.8_ppc64el.deb eacfb3f40e54e61d09534739b4f5f000 310796 libdevel optional libcurl4-openssl-dev_7.58.0-2ubuntu3.8_ppc64el.deb 0dd9f256b734aaca8a3db25bdfd33b15 216876 libs optional libcurl4_7.58.0-2ubuntu3.8_ppc64el.deb Original-Maintainer: Alessandro Ghedini