Publishing details
-
Published
-
Copied from
ubuntu bionic in
Private PPA for Ubuntu Security Team
by Marc Deslauriers
Changelog
curl (7.58.0-2ubuntu3.24) bionic-security; urgency=medium
* SECURITY UPDATE: TELNET option IAC injection
- debian/patches/CVE-2023-27533.patch: only accept option arguments in
ascii in lib/telnet.c.
- CVE-2023-27533
* SECURITY UPDATE: SFTP path ~ resolving discrepancy
- debian/patches/CVE-2023-27534-pre1.patch: do not add '/' if homedir
ends with one in lib/curl_path.c.
- debian/patches/CVE-2023-27534.patch: properly handle tilde character
in lib/curl_path.c.
- CVE-2023-27534
* SECURITY UPDATE: FTP too eager connection reuse
- debian/patches/CVE-2023-27535.patch: add more conditions for
connection reuse in lib/ftp.c, lib/ftp.h, lib/url.c, lib/urldata.h.
- CVE-2023-27535
* SECURITY UPDATE: GSS delegation too eager connection re-use
- debian/patches/CVE-2023-27536.patch: only reuse connections with same
GSS delegation in lib/url.c, lib/urldata.h.
- CVE-2023-27536
* SECURITY UPDATE: SSH connection too eager reuse still
- debian/patches/CVE-2023-27538.patch: fix the SSH connection reuse
check in lib/url.c.
- CVE-2023-27538
-- Marc Deslauriers <email address hidden> Wed, 15 Mar 2023 08:58:03 -0400
Builds
Built packages
-
curl
command line tool for transferring data with URL syntax
-
curl-dbgsym
debug symbols for curl
-
libcurl3-gnutls
easy-to-use client-side URL transfer library (GnuTLS flavour)
-
libcurl3-gnutls-dbgsym
debug symbols for libcurl3-gnutls
-
libcurl3-nss
easy-to-use client-side URL transfer library (NSS flavour)
-
libcurl3-nss-dbgsym
debug symbols for libcurl3-nss
-
libcurl4
easy-to-use client-side URL transfer library (OpenSSL flavour)
-
libcurl4-dbgsym
debug symbols for libcurl4
-
libcurl4-doc
documentation for libcurl
-
libcurl4-gnutls-dev
development files and documentation for libcurl (GnuTLS flavour)
-
libcurl4-nss-dev
development files and documentation for libcurl (NSS flavour)
-
libcurl4-openssl-dev
development files and documentation for libcurl (OpenSSL flavour)
Package files