Format: 1.8 Date: Tue, 01 Dec 2020 13:16:27 -0500 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: i386 Version: 7.47.0-1ubuntu2.18 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.47.0-1ubuntu2.18) xenial-security; urgency=medium . * SECURITY UPDATE: FTP redirect to malicious host via PASV response - debian/patches/CVE-2020-8284.patch: use CURLOPT_FTP_SKIP_PASV_IP by default in lib/url.c, src/tool_cfgable.c, docs/*, tests/data/*. - CVE-2020-8284 * SECURITY UPDATE: FTP wildcard stack buffer overflow in libcurl - debian/patches/CVE-2020-8285.patch: make wc_statemach loop instead of recurse in lib/ftp.c. - CVE-2020-8285 * SECURITY UPDATE: Inferior OCSP verification - debian/patches/CVE-2020-8286.patch: make the OCSP verification verify the certificate id in lib/vtls/openssl.c. - CVE-2020-8286 Checksums-Sha1: 4cdb4e87c019adf4a4185c211963fc82429bb2a8 1090 curl-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb 82f63355494ded8e230bad48fbf71a5c176e2b7c 141812 curl_7.47.0-1ubuntu2.18_i386.deb c18fa01468fa67fb68dfb3eb1f98a54afe71ed09 3226796 libcurl3-dbg_7.47.0-1ubuntu2.18_i386.deb efa42a2a8947cf67b2565a0dcc9b3992dd9eab2d 1204 libcurl3-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb ff44613d1d6cfe8fe48e3a2783f9b176fba6d1d7 1212 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb bbf3b65f9b1c5d1b6cba955362239b6dffcf3b78 205530 libcurl3-gnutls_7.47.0-1ubuntu2.18_i386.deb 3439fcc21f267f42a9e2388f5343bc9c434c71e0 1208 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb 45097566e420a6ae1ac626bfe282268e29f8e313 211526 libcurl3-nss_7.47.0-1ubuntu2.18_i386.deb df0b7e50474b947cc3fa7aadc0a128c390b32318 208470 libcurl3_7.47.0-1ubuntu2.18_i386.deb 03a5cf4960701770445130a679eabe1dd18fb4f9 1294 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb b52369e6246cf93a77f59496e559f2a36fcdbf37 289598 libcurl4-gnutls-dev_7.47.0-1ubuntu2.18_i386.deb 5c46a47738f47b1201f0c40a2dc7598a1c08cb72 1290 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb 5e0b2bb2616e103a55391e6cfa87b655e09e8370 296046 libcurl4-nss-dev_7.47.0-1ubuntu2.18_i386.deb 4dcbaa02126ae339f2bd80293aafeffacb78d3d9 1294 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb 6ded9a4a5239e0c7b0c1bad620d8469b1134fe21 292230 libcurl4-openssl-dev_7.47.0-1ubuntu2.18_i386.deb Checksums-Sha256: 491278409e2a2cfb804e8c3c511c206e78c1845f1b36e5c7ab7968896fd85084 1090 curl-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb ac3cef9ae911723309de2ea231f627289dcb5e992652e5397a38b3e508d0f093 141812 curl_7.47.0-1ubuntu2.18_i386.deb aefcab65ecde333174c2446d3a430421676c28a21e959c3c5f881930ce17fdd9 3226796 libcurl3-dbg_7.47.0-1ubuntu2.18_i386.deb 4c4bb87f8e4a450917ec57a3c6be0a07af8cf8b794038cdf700ee9472c7aa317 1204 libcurl3-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb ec93bcdb08374e408fe7e3c5848dd7bec31e0a538009b6a272d1d327c08e21ed 1212 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb 521b561aba8543d57099e227df1df1ca10f528fb5cf6c3975faf0f6fb4e58086 205530 libcurl3-gnutls_7.47.0-1ubuntu2.18_i386.deb 0dd978a77091d13b1dff08752372143ea12038d1e51143b2bb2156bea474fa63 1208 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb e838fcda6edfb4a30323e90075d439fe4a35256b3b63dca54a54fd5686e379f1 211526 libcurl3-nss_7.47.0-1ubuntu2.18_i386.deb 69e7241ef51f7962994447e3fc65bfecc0614b5fe0381fc60f87b8a03d116c24 208470 libcurl3_7.47.0-1ubuntu2.18_i386.deb e2e065be875878399e9cb7450b8e1b945436cf11455e582b5e0ffa76f8f039b6 1294 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb 30a28f0a6178cb17c1f3c10bb36f47fc5bea0b6d56f7960d8fa4152703e3123f 289598 libcurl4-gnutls-dev_7.47.0-1ubuntu2.18_i386.deb e9085bfd122c7d75b6e801d23a0e0f6e3124080734f4fbe861de8b18d9399bc3 1290 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb fdc3c3c92dc9e5913948d1b3b42d213068973d396c8f806ebf53c9fe1dcd7f9b 296046 libcurl4-nss-dev_7.47.0-1ubuntu2.18_i386.deb 0a6fe2a0617f14aa53db5d9e0530e26e89827eead6d08ddfcc676b136eb61983 1294 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb c2db8975d61ca963f7bd9afdb091d12a13a9588a57aa2b20f83e79e183996ea2 292230 libcurl4-openssl-dev_7.47.0-1ubuntu2.18_i386.deb Files: 3de11ea74d91dcca6429f59d59e24ecf 1090 web extra curl-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb 94cec0ca64b83d99110ddf0a9f58ce72 141812 web optional curl_7.47.0-1ubuntu2.18_i386.deb 27763599041be88302f18ee28b00af9c 3226796 debug extra libcurl3-dbg_7.47.0-1ubuntu2.18_i386.deb ce40b6abe8b438046167551e90e5085a 1204 libs extra libcurl3-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb d75ea963f922af859c850c04bbc71449 1212 libs extra libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb bb68eeca8907dbbc6e2f5e11e239c54e 205530 libs optional libcurl3-gnutls_7.47.0-1ubuntu2.18_i386.deb d25d904cb42a2fa9cd57f59dbf1a3560 1208 libs extra libcurl3-nss-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb f0c1e464887d69d644c2dd9fec66d2ae 211526 libs optional libcurl3-nss_7.47.0-1ubuntu2.18_i386.deb a3d67075b6f5ff4fb15ef644675cb5c5 208470 libs optional libcurl3_7.47.0-1ubuntu2.18_i386.deb 478929f92f7bbdf25c9ab4076abcc2ec 1294 libdevel extra libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb 68d9e75bb75d699d2613b0e1d6a1604f 289598 libdevel optional libcurl4-gnutls-dev_7.47.0-1ubuntu2.18_i386.deb 56c4f8c045fa47937ab27ef0471f2d65 1290 libdevel extra libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb 22369e732a9a10dff5af404dae6b5b20 296046 libdevel optional libcurl4-nss-dev_7.47.0-1ubuntu2.18_i386.deb fea71bec0ec6a94549907acd19d08057 1294 libdevel extra libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.18_i386.ddeb fb499e6fdf1169ae581a65a6cc292c06 292230 libdevel optional libcurl4-openssl-dev_7.47.0-1ubuntu2.18_i386.deb Original-Maintainer: Alessandro Ghedini