Format: 1.8 Date: Tue, 01 Dec 2020 13:01:10 -0500 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: ppc64el Version: 7.58.0-2ubuntu3.12 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.58.0-2ubuntu3.12) bionic-security; urgency=medium . * SECURITY UPDATE: FTP redirect to malicious host via PASV response - debian/patches/CVE-2020-8284.patch: use CURLOPT_FTP_SKIP_PASV_IP by default in lib/url.c, src/tool_cfgable.c, docs/*, tests/data/*. - CVE-2020-8284 * SECURITY UPDATE: FTP wildcard stack buffer overflow in libcurl - debian/patches/CVE-2020-8285.patch: make wc_statemach loop instead of recurse in lib/ftp.c. - CVE-2020-8285 * SECURITY UPDATE: Inferior OCSP verification - debian/patches/CVE-2020-8286.patch: make the OCSP verification verify the certificate id in lib/vtls/openssl.c. - CVE-2020-8286 Checksums-Sha1: f9123212c606ebf8bd391567c1f037fdc74a40c4 147328 curl-dbgsym_7.58.0-2ubuntu3.12_ppc64el.ddeb 614ef64bba087dea5bc619ec5c99caa9b925a8a9 11709 curl_7.58.0-2ubuntu3.12_ppc64el.buildinfo 26970b55a6aa25d02b39990eea83cdcd757a2ec7 158344 curl_7.58.0-2ubuntu3.12_ppc64el.deb 724bc82141a1aae55d895617736c3cec19ee5f4a 1374016 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.12_ppc64el.ddeb 7d46aca75d899aa015eabfeec58c13c82b4f424c 217140 libcurl3-gnutls_7.58.0-2ubuntu3.12_ppc64el.deb 17a912d2e88d689eaee677b83a767642a0ea51fb 1410740 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.12_ppc64el.ddeb 2a34e148c0b65bbeeb067df4dd074b8e72f6d4d5 224256 libcurl3-nss_7.58.0-2ubuntu3.12_ppc64el.deb b2c9983a33b5d823664706954b9b0e79edd6f1bd 1377520 libcurl4-dbgsym_7.58.0-2ubuntu3.12_ppc64el.ddeb 4e3aeb1ba4f56b066243ae3bb82ac22a5682088f 313628 libcurl4-gnutls-dev_7.58.0-2ubuntu3.12_ppc64el.deb 030fff16bf8f9b894912bef9fb1f60bd28769cfb 321804 libcurl4-nss-dev_7.58.0-2ubuntu3.12_ppc64el.deb d2b70cabdfc0f86065c72d5d2ef590bfa591e99c 310920 libcurl4-openssl-dev_7.58.0-2ubuntu3.12_ppc64el.deb a645c513cb1e74f74046d8f009c1b2f1178d11db 216240 libcurl4_7.58.0-2ubuntu3.12_ppc64el.deb Checksums-Sha256: 1a44c3860eebe199998c69f443af78c62fc1bbf5a386551a2d1a258de5fff26d 147328 curl-dbgsym_7.58.0-2ubuntu3.12_ppc64el.ddeb fb2abd9a7fecd1be2a958e26dfb05448a9fee94510613ca666d941f17dafc734 11709 curl_7.58.0-2ubuntu3.12_ppc64el.buildinfo dfb1d4e03199d669daa9cfc07c918271a66a32cf335cdaa26daae9567d9b93db 158344 curl_7.58.0-2ubuntu3.12_ppc64el.deb f644436af58954cf86c7831b938abdcf946d26988bd6a897da6a614521c0c286 1374016 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.12_ppc64el.ddeb b6d6e87268cf55f0ce37fb8db3383869f60ee36df0740c8b0f1b65dae3d9b08b 217140 libcurl3-gnutls_7.58.0-2ubuntu3.12_ppc64el.deb 35bde798ddb23a2382bdf130a12e03191aa89f18a5eabc18d0054dcb2a41de35 1410740 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.12_ppc64el.ddeb e4440a8278534c13cf57cb4839daec673ed5ad360f4c7382ea3e61a278775247 224256 libcurl3-nss_7.58.0-2ubuntu3.12_ppc64el.deb 46f901a8e6d8b435d6c04cdde436f38fe6337ae8bbd14ddb8b0c6f2f6d079d0c 1377520 libcurl4-dbgsym_7.58.0-2ubuntu3.12_ppc64el.ddeb dbfea7498ac8338c55e41a7f6572fb3b1354fb6ae80519050793ec9f893b653e 313628 libcurl4-gnutls-dev_7.58.0-2ubuntu3.12_ppc64el.deb 72c160bdbe11e38185105bfc7560f28783c16ff2f31b16227af7c4257023d281 321804 libcurl4-nss-dev_7.58.0-2ubuntu3.12_ppc64el.deb ca6713ad65614c10cba89baccaffb4417bbd49e263d9b47267c737f3f6ff379a 310920 libcurl4-openssl-dev_7.58.0-2ubuntu3.12_ppc64el.deb c1ea1c2a0b1124993d2e9939b543f47470a605b44d68571e5a3501755186a565 216240 libcurl4_7.58.0-2ubuntu3.12_ppc64el.deb Files: 1413bd62f965a76b0790447380e50084 147328 debug optional curl-dbgsym_7.58.0-2ubuntu3.12_ppc64el.ddeb 822b0928c4e5309e1d4fbf819de2c1cb 11709 web optional curl_7.58.0-2ubuntu3.12_ppc64el.buildinfo cd8ed7affd1da9b59b5a89f9f8bc2bbe 158344 web optional curl_7.58.0-2ubuntu3.12_ppc64el.deb 4b8800ddfa4a4d969f6925bf8ae8f14b 1374016 debug optional libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.12_ppc64el.ddeb 61222fae20defaa135f44684d987707d 217140 libs optional libcurl3-gnutls_7.58.0-2ubuntu3.12_ppc64el.deb f1f113a35d29b36735dc0b2eeeb7968e 1410740 debug optional libcurl3-nss-dbgsym_7.58.0-2ubuntu3.12_ppc64el.ddeb b9bbe7c5f3ce50e7ac0dbfef1d782c1c 224256 libs optional libcurl3-nss_7.58.0-2ubuntu3.12_ppc64el.deb a0b50ee7d231971bc918489ed8b0e62e 1377520 debug optional libcurl4-dbgsym_7.58.0-2ubuntu3.12_ppc64el.ddeb bc13f53e773c8e7359af0b06ada21ef2 313628 libdevel optional libcurl4-gnutls-dev_7.58.0-2ubuntu3.12_ppc64el.deb ddc4acc0c95848b2c23285921dfb579d 321804 libdevel optional libcurl4-nss-dev_7.58.0-2ubuntu3.12_ppc64el.deb 5178a9e6ebf290bfc88655bf3f707e89 310920 libdevel optional libcurl4-openssl-dev_7.58.0-2ubuntu3.12_ppc64el.deb 059c5582b54263410146d102a809b54d 216240 libs optional libcurl4_7.58.0-2ubuntu3.12_ppc64el.deb Original-Maintainer: Alessandro Ghedini