Format: 1.8 Date: Fri, 10 Sep 2021 10:28:17 -0400 Source: curl Binary: curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: s390x Version: 7.68.0-1ubuntu2.7 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.68.0-1ubuntu2.7) focal-security; urgency=medium . * SECURITY UPDATE: Protocol downgrade required TLS bypassed - debian/patches/CVE-2021-22946-pre1.patch: separate FTPS from FTP over HTTPS proxy in lib/ftp.c, lib/urldata.h. - debian/patches/CVE-2021-22946.patch: do not ignore --ssl-reqd in lib/ftp.c, lib/imap.c, lib/pop3.c, tests/data/Makefile.inc, tests/data/test984, tests/data/test985, tests/data/test986. - CVE-2021-22946 * SECURITY UPDATE: STARTTLS protocol injection via MITM - debian/patches/CVE-2021-22947.patch: reject STARTTLS server response pipelining in lib/ftp.c, lib/imap.c, lib/pop3.c, lib/smtp.c, tests/data/Makefile.inc, tests/data/test980, tests/data/test981, tests/data/test982, tests/data/test983. - CVE-2021-22947 Checksums-Sha1: b90ed807ff772cec51034147adf16cab9c61d44a 139440 curl-dbgsym_7.68.0-1ubuntu2.7_s390x.ddeb 163c574aa3978d135104ac301ec4e3521ad0d36f 11619 curl_7.68.0-1ubuntu2.7_s390x.buildinfo 1447e1c0f32d1b30094dd02fd53d45b0cf76df5b 157056 curl_7.68.0-1ubuntu2.7_s390x.deb 1bb679511575d96199dde39fc3fe34e410d9cdbd 758220 libcurl3-gnutls-dbgsym_7.68.0-1ubuntu2.7_s390x.ddeb 259b0730222eb5d8ad0d14d631eaf5bb0c184d36 212352 libcurl3-gnutls_7.68.0-1ubuntu2.7_s390x.deb 76f0f3569d6b5f7bce4d6cb1e472d06893778054 795788 libcurl3-nss-dbgsym_7.68.0-1ubuntu2.7_s390x.ddeb 3287251c702fb3d53909563176769b2d637145b6 218892 libcurl3-nss_7.68.0-1ubuntu2.7_s390x.deb 1fd47cbe4a4b33f3e85654ad53a7b6c0963c173b 775908 libcurl4-dbgsym_7.68.0-1ubuntu2.7_s390x.ddeb 3152ba1dc486c7ebe8473b6ca89810d4239b69e4 302292 libcurl4-gnutls-dev_7.68.0-1ubuntu2.7_s390x.deb d57b24428953f1e4e60dbd27df3df0a5e0a3a11f 308884 libcurl4-nss-dev_7.68.0-1ubuntu2.7_s390x.deb e279768fd48ac0a8f1e9f0414f4767d8464a1df7 304560 libcurl4-openssl-dev_7.68.0-1ubuntu2.7_s390x.deb 634e58b0da7349c57eaaf1446e4416d9df92364c 214936 libcurl4_7.68.0-1ubuntu2.7_s390x.deb Checksums-Sha256: 49c9deef02f6a24be2e70cde530bd49738262c4639f57de3732bfe1361d44dd5 139440 curl-dbgsym_7.68.0-1ubuntu2.7_s390x.ddeb 1f6fa76029d74b5d0210ba98173ff451f9cf607a397d977c0e0b24b734bb8814 11619 curl_7.68.0-1ubuntu2.7_s390x.buildinfo cdfe8862f204946323f9626e93b7701663b3dda367e149fac6c67ee121633e78 157056 curl_7.68.0-1ubuntu2.7_s390x.deb 54966aa41af92dd6f4a4be86a9ca0c7e3451f57a70d68ad60497cfb36829edfa 758220 libcurl3-gnutls-dbgsym_7.68.0-1ubuntu2.7_s390x.ddeb 6e47f525268f77c558c547d0b5636dff94e36772238cb77766fecf71639e49da 212352 libcurl3-gnutls_7.68.0-1ubuntu2.7_s390x.deb 27b8eb91d6010d17cc3673a8c95819a5595f63a406aa4999c055282da976a123 795788 libcurl3-nss-dbgsym_7.68.0-1ubuntu2.7_s390x.ddeb a08467dd0862e79c89739465452db2694001eccf2a7239c05b40a0ed18b0d077 218892 libcurl3-nss_7.68.0-1ubuntu2.7_s390x.deb e45188dc81bb8a71ed567f44122524a2eeedf74192949f8fe6bc0dceaaed4d29 775908 libcurl4-dbgsym_7.68.0-1ubuntu2.7_s390x.ddeb b2c52c5322feee31f101419dfc71d61f08f8e863f58a86661dc272a6aad8fdd6 302292 libcurl4-gnutls-dev_7.68.0-1ubuntu2.7_s390x.deb c8534583872568d9ed2f9cb42e5e1d2b3dcb5c51664ce8c8856fe5e018d1cf5b 308884 libcurl4-nss-dev_7.68.0-1ubuntu2.7_s390x.deb b0702f7caf137d40edb22b1ee63526fc48491630d531b0a30b0ba0bc09792aa2 304560 libcurl4-openssl-dev_7.68.0-1ubuntu2.7_s390x.deb ed347ca9b23ab4d0e5ae64ea7ffd649d122050c4909e8a696a52713dc8af5ee1 214936 libcurl4_7.68.0-1ubuntu2.7_s390x.deb Files: 40625434e0f6a51b7ca4686e6ce6163a 139440 debug optional curl-dbgsym_7.68.0-1ubuntu2.7_s390x.ddeb a04eb4eeb885b79f13be5da59eb7c4d2 11619 web optional curl_7.68.0-1ubuntu2.7_s390x.buildinfo f647845264529c8555e87bb165f33e21 157056 web optional curl_7.68.0-1ubuntu2.7_s390x.deb 3266e85e76a12dc47696e1abe76ff0ba 758220 debug optional libcurl3-gnutls-dbgsym_7.68.0-1ubuntu2.7_s390x.ddeb 352c1bcdb87151a40074db5bf9ef44e6 212352 libs optional libcurl3-gnutls_7.68.0-1ubuntu2.7_s390x.deb 75dee344d77a32d7750d0f2578e399cd 795788 debug optional libcurl3-nss-dbgsym_7.68.0-1ubuntu2.7_s390x.ddeb e470edd811c5fc30086c305787f155cb 218892 libs optional libcurl3-nss_7.68.0-1ubuntu2.7_s390x.deb 424b45d2f3b21c6e406b9e85e7a040c4 775908 debug optional libcurl4-dbgsym_7.68.0-1ubuntu2.7_s390x.ddeb ba02d93bfe727034f1d2a521af91df50 302292 libdevel optional libcurl4-gnutls-dev_7.68.0-1ubuntu2.7_s390x.deb 6086b06341d863ab14ac54dd78b67b13 308884 libdevel optional libcurl4-nss-dev_7.68.0-1ubuntu2.7_s390x.deb b829a965ad50731048759b0148dddc73 304560 libdevel optional libcurl4-openssl-dev_7.68.0-1ubuntu2.7_s390x.deb 25829e2dab9bba9f92855a1603e49778 214936 libs optional libcurl4_7.68.0-1ubuntu2.7_s390x.deb Original-Maintainer: Alessandro Ghedini