Format: 1.8 Date: Wed, 15 Mar 2023 08:58:03 -0400 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: armhf Version: 7.58.0-2ubuntu3.24 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.58.0-2ubuntu3.24) bionic-security; urgency=medium . * SECURITY UPDATE: TELNET option IAC injection - debian/patches/CVE-2023-27533.patch: only accept option arguments in ascii in lib/telnet.c. - CVE-2023-27533 * SECURITY UPDATE: SFTP path ~ resolving discrepancy - debian/patches/CVE-2023-27534-pre1.patch: do not add '/' if homedir ends with one in lib/curl_path.c. - debian/patches/CVE-2023-27534.patch: properly handle tilde character in lib/curl_path.c. - CVE-2023-27534 * SECURITY UPDATE: FTP too eager connection reuse - debian/patches/CVE-2023-27535.patch: add more conditions for connection reuse in lib/ftp.c, lib/ftp.h, lib/url.c, lib/urldata.h. - CVE-2023-27535 * SECURITY UPDATE: GSS delegation too eager connection re-use - debian/patches/CVE-2023-27536.patch: only reuse connections with same GSS delegation in lib/url.c, lib/urldata.h. - CVE-2023-27536 * SECURITY UPDATE: SSH connection too eager reuse still - debian/patches/CVE-2023-27538.patch: fix the SSH connection reuse check in lib/url.c. - CVE-2023-27538 Checksums-Sha1: bd6e057642ef9706d4497e71f42833b5fc4e5495 138800 curl-dbgsym_7.58.0-2ubuntu3.24_armhf.ddeb c562ca622c10fb56bf0c4d0b54b84f1fc17e3ff1 11854 curl_7.58.0-2ubuntu3.24_armhf.buildinfo 7dd5cf9624e0357005ee8709f556d6610621e18e 152332 curl_7.58.0-2ubuntu3.24_armhf.deb d0cc6a56c46ead7303d4c81731889ba7867b165d 1280860 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.24_armhf.ddeb d6d2b8c0838af8f36cb97ff52c10c85e5f89eb97 187036 libcurl3-gnutls_7.58.0-2ubuntu3.24_armhf.deb a42768ce11000018bb97418749c8e1ac7ace6884 1310388 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.24_armhf.ddeb 4abaebd7ca96ba49b85ddfac6dcfd3a5e948014e 192936 libcurl3-nss_7.58.0-2ubuntu3.24_armhf.deb bb990553d9d2962e8f7aa8b5e0458f5e6eddb79c 1290632 libcurl4-dbgsym_7.58.0-2ubuntu3.24_armhf.ddeb 2386587f13b32b12723bda3fe6a0cba4c5327580 276596 libcurl4-gnutls-dev_7.58.0-2ubuntu3.24_armhf.deb 6f41bb7d2b594b5e8350a810c859ef59de3fcaa5 282528 libcurl4-nss-dev_7.58.0-2ubuntu3.24_armhf.deb cdc50ebb4fcec44223c4d1faa8fc35ee31d8715a 277956 libcurl4-openssl-dev_7.58.0-2ubuntu3.24_armhf.deb 293d004005b8e6b8baa8f1e31cc3e420bf77fb1a 188344 libcurl4_7.58.0-2ubuntu3.24_armhf.deb Checksums-Sha256: f9a7f006899d0bd964067cb4649f1f3144bc5ad6723bfa077ff926779d07f31a 138800 curl-dbgsym_7.58.0-2ubuntu3.24_armhf.ddeb 88f11f7d3b3d3705778e9fc465f79a0f65dc0006e441889757d849475de3ec5c 11854 curl_7.58.0-2ubuntu3.24_armhf.buildinfo 082a82cdce066008783ed0c7627c4d399ae5a402a714225dd0e43d5fad2c4ded 152332 curl_7.58.0-2ubuntu3.24_armhf.deb ca56a9db4c56eb780e9d8f7c8c928696b18c36c9e91f992155e4300f1ce2e56f 1280860 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.24_armhf.ddeb 889399934a44c35ed9b1fd0f302623f775585331b295d6511c55ef143990caa7 187036 libcurl3-gnutls_7.58.0-2ubuntu3.24_armhf.deb 850c2883dff4cb744e6b50525a064694c6e7227965467781db3e89609b24f54f 1310388 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.24_armhf.ddeb 3ddf658c0162ff61f4ce9aa6356cbc503631d85a1a0c895aac704284594b73fa 192936 libcurl3-nss_7.58.0-2ubuntu3.24_armhf.deb b401b1cb143191f60cf52ee696a0a8c287dcc896655df1cf95f0ec8c26baeb55 1290632 libcurl4-dbgsym_7.58.0-2ubuntu3.24_armhf.ddeb 8cc792ca98146fee891f88bb3454787b1b1eaedf54d899577dcff10e3f15bed3 276596 libcurl4-gnutls-dev_7.58.0-2ubuntu3.24_armhf.deb eb71d0670e55e453cd48f70981594e5a8ad0c15931449a7a3989f585eb0fc98e 282528 libcurl4-nss-dev_7.58.0-2ubuntu3.24_armhf.deb f03faaf34932f90e703867b441b6da3b6ccb3dd73265608b1f18c0095479e33a 277956 libcurl4-openssl-dev_7.58.0-2ubuntu3.24_armhf.deb 3ea4120dbf28a2916fd0f126deb0c55a54d6e346d7a45a421915500786d20221 188344 libcurl4_7.58.0-2ubuntu3.24_armhf.deb Files: 3ee3e191915c79b301fd4bd94af1fe64 138800 debug optional curl-dbgsym_7.58.0-2ubuntu3.24_armhf.ddeb db4c61b82de30cc408c9082203fc03c3 11854 web optional curl_7.58.0-2ubuntu3.24_armhf.buildinfo 783a05b9c99565853def7739339a8a02 152332 web optional curl_7.58.0-2ubuntu3.24_armhf.deb eaa28111d1c5cdf7d0159c0d0e519e02 1280860 debug optional libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.24_armhf.ddeb 23610653702285b3fc40808dfa40684a 187036 libs optional libcurl3-gnutls_7.58.0-2ubuntu3.24_armhf.deb d3e4d8a618153477d7b00d398c9ab150 1310388 debug optional libcurl3-nss-dbgsym_7.58.0-2ubuntu3.24_armhf.ddeb 888fd0bf5a28580313fc9fb7c8a19b17 192936 libs optional libcurl3-nss_7.58.0-2ubuntu3.24_armhf.deb 5d3bc58655915e57b9aa24fad8ae6d60 1290632 debug optional libcurl4-dbgsym_7.58.0-2ubuntu3.24_armhf.ddeb 384c1cfb07b60efee58fcf909b4f3f15 276596 libdevel optional libcurl4-gnutls-dev_7.58.0-2ubuntu3.24_armhf.deb 4d37a1d19e37630d5b1b7574ec9dc1e5 282528 libdevel optional libcurl4-nss-dev_7.58.0-2ubuntu3.24_armhf.deb c9ab710c3308c44f52b5cc39ac6df6ac 277956 libdevel optional libcurl4-openssl-dev_7.58.0-2ubuntu3.24_armhf.deb 63487e2e9db26d07825f47c411b6b2ba 188344 libs optional libcurl4_7.58.0-2ubuntu3.24_armhf.deb Original-Maintainer: Alessandro Ghedini