Format: 1.8 Date: Tue, 23 Mar 2021 09:13:58 -0400 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: s390x Version: 7.58.0-2ubuntu3.13 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.58.0-2ubuntu3.13) bionic-security; urgency=medium . * SECURITY UPDATE: data leak via referer header field - debian/patches/urlapi.patch: backport url api support in include/curl/Makefile.am, include/curl/curl.h, include/curl/urlapi.h, lib/Makefile.inc, lib/urlapi-int.h, lib/urlapi.c, lib/curl_setup_once.h, lib/url.c, lib/url.h, lib/escape.c, lib/escape.h, docs/libcurl/symbols-in-versions. - debian/libcurl*.symbols: added new symbols. - debian/patches/CVE-2021-22876.patch: strip credentials from the auto-referer header field in lib/transfer.c. - CVE-2021-22876 Checksums-Sha1: 8dff52eca151706eba7a624a6b76ef013df302d0 150272 curl-dbgsym_7.58.0-2ubuntu3.13_s390x.ddeb 001887e0db653eb7eacbf6e6747b5fde92e35428 11584 curl_7.58.0-2ubuntu3.13_s390x.buildinfo 2813f5ca92d7922ac6d10180a5d57b8302bb650a 155280 curl_7.58.0-2ubuntu3.13_s390x.deb 01ba44172d71734d674feff4ed58385f853cdff6 1377468 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.13_s390x.ddeb 4e06ed7dc8386bd3454fb0bbd0edb88f2699f0f3 199368 libcurl3-gnutls_7.58.0-2ubuntu3.13_s390x.deb 327fa8de51804ec75075bba0276fbc6ad3f115f2 1409936 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.13_s390x.ddeb af2944891e22fae15eaae7acea35022ae94a1ff7 206016 libcurl3-nss_7.58.0-2ubuntu3.13_s390x.deb f3ea93c176a02ed71e9a048440f5a15be32e1eb8 1389656 libcurl4-dbgsym_7.58.0-2ubuntu3.13_s390x.ddeb be425792e0fc3c99ce3d6b11f5c5115b3e674e67 286892 libcurl4-gnutls-dev_7.58.0-2ubuntu3.13_s390x.deb 56252591608b83aacd1159904d97a179eb2eec28 293364 libcurl4-nss-dev_7.58.0-2ubuntu3.13_s390x.deb a6400a360c470832a86f8d70ab24aa26a1c6e0e6 287624 libcurl4-openssl-dev_7.58.0-2ubuntu3.13_s390x.deb bafd5216f3d9e95492896c78fda3fd1ef379082f 200764 libcurl4_7.58.0-2ubuntu3.13_s390x.deb Checksums-Sha256: 0250f53a74465d420949930997c8584538ee77a863cd3a17210650b6491a9aee 150272 curl-dbgsym_7.58.0-2ubuntu3.13_s390x.ddeb 4312fa9178044154b8e0ee6866b04eb9eb8076ff19279518f955a6c1edd94f3e 11584 curl_7.58.0-2ubuntu3.13_s390x.buildinfo 08ebf8f281ca7507a0d965042670d8beba8480481983bbeb3eae0f86e097a1d0 155280 curl_7.58.0-2ubuntu3.13_s390x.deb 8c08559fd7bfec0b09b331bcb032669796d3b6b77c2fb967311eb6673b88fc10 1377468 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.13_s390x.ddeb 210a6911f97ace02a4d3f948385aef034ee09112503620114e0fdbeaa6efaf7a 199368 libcurl3-gnutls_7.58.0-2ubuntu3.13_s390x.deb 045241138253661e421f32639220990a500e1cf96cb5babe2334edf52a871b9f 1409936 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.13_s390x.ddeb b563dfcb439c5472b31084229e9614a66cc2a5a68eb89f6dcf0367fad9a26d35 206016 libcurl3-nss_7.58.0-2ubuntu3.13_s390x.deb 5e5f60469e2f017524f415c281c48c6d1087d423694f0c6ae54603607dae8400 1389656 libcurl4-dbgsym_7.58.0-2ubuntu3.13_s390x.ddeb de62ad724f7743962a6e4ad3eed3133e15ab64489fb97ac1910c1fcebc19e632 286892 libcurl4-gnutls-dev_7.58.0-2ubuntu3.13_s390x.deb 8328854c52906a0531e937bed5d8ec27d1188c689cd5a610987315d6dbd61aca 293364 libcurl4-nss-dev_7.58.0-2ubuntu3.13_s390x.deb 67893bc95397a3ff73c8de7c7ef458e526120ac6ef1c4157f8ef3fe2965c1115 287624 libcurl4-openssl-dev_7.58.0-2ubuntu3.13_s390x.deb fbec20ccd1a8fb375853b6af8bb00297301b0cecfa89ed1df47da82dfe1c29a6 200764 libcurl4_7.58.0-2ubuntu3.13_s390x.deb Files: cdee0ae2d98a5e03f39d8ea63dc6feea 150272 debug optional curl-dbgsym_7.58.0-2ubuntu3.13_s390x.ddeb baae4b3cbb27a4e2bbc058b7d4ef2e89 11584 web optional curl_7.58.0-2ubuntu3.13_s390x.buildinfo 97978baed43b5af28e6844e08a9e4ddb 155280 web optional curl_7.58.0-2ubuntu3.13_s390x.deb f345ccaf27bd754f54f55ea8832e3631 1377468 debug optional libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.13_s390x.ddeb 29c921377546e734c743522d70d5b4d2 199368 libs optional libcurl3-gnutls_7.58.0-2ubuntu3.13_s390x.deb f7b0313e5be9a062b24ff0910beebd1c 1409936 debug optional libcurl3-nss-dbgsym_7.58.0-2ubuntu3.13_s390x.ddeb eb95b4645b69c56e11a05c57e0999e64 206016 libs optional libcurl3-nss_7.58.0-2ubuntu3.13_s390x.deb c464b5e1498b99693cb57cb9d0f276e0 1389656 debug optional libcurl4-dbgsym_7.58.0-2ubuntu3.13_s390x.ddeb f7e1f08d76b127622b5610cfe2d9be87 286892 libdevel optional libcurl4-gnutls-dev_7.58.0-2ubuntu3.13_s390x.deb 1ee1fe92ce7e691215ffc72a72aaa884 293364 libdevel optional libcurl4-nss-dev_7.58.0-2ubuntu3.13_s390x.deb 450939373fa6863c894f310d87d04ef6 287624 libdevel optional libcurl4-openssl-dev_7.58.0-2ubuntu3.13_s390x.deb ecae2a204198db2f668d0f1b8e80738e 200764 libs optional libcurl4_7.58.0-2ubuntu3.13_s390x.deb Original-Maintainer: Alessandro Ghedini