Format: 1.8
Date: Mon, 30 Nov 2020 10:49:53 -0500
Source: curl
Binary: curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev
Architecture: i386
Version: 7.68.0-1ubuntu4.2
Distribution: groovy
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 curl - command line tool for transferring data with URL syntax
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.68.0-1ubuntu4.2) groovy-security; urgency=medium
 .
   * SECURITY UPDATE: wrong connect-only connection
     - debian/patches/CVE-2020-8231.patch: remember last connection by id,
       not by pointer in lib/connect.c, lib/easy.c, lib/multi.c, lib/url.c,
       lib/urldata.h.
     - CVE-2020-8231
   * SECURITY UPDATE: FTP redirect to malicious host via PASV response
     - debian/patches/CVE-2020-8284.patch: use CURLOPT_FTP_SKIP_PASV_IP by
       default in lib/url.c, src/tool_cfgable.c, docs/*, tests/data/*.
     - CVE-2020-8284
   * SECURITY UPDATE: FTP wildcard stack buffer overflow in libcurl
     - debian/patches/CVE-2020-8285.patch: make wc_statemach loop instead
       of recurse in lib/ftp.c.
     - CVE-2020-8285
   * SECURITY UPDATE: Inferior OCSP verification
     - debian/patches/CVE-2020-8286.patch: make the OCSP verification
       verify the certificate id in lib/vtls/openssl.c.
     - CVE-2020-8286
Original-Maintainer: Alessandro Ghedini