Publishing details
Changelog
curl (7.58.0-2ubuntu3) bionic; urgency=medium
* SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
- debian/patches/CVE-2018-1000120.patch: reject path components with
control codes in lib/ftp.c, add test to tests/*.
- CVE-2018-1000120
* SECURITY UPDATE: LDAP NULL pointer dereference
- debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
results for NULL before using in lib/openldap.c.
- CVE-2018-1000121
* SECURITY UPDATE: RTSP RTP buffer over-read
- debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
go beyond buffer end in lib/transfer.c.
- CVE-2018-1000122
-- Marc Deslauriers <email address hidden> Thu, 15 Mar 2018 08:20:41 -0400
Builds
Built packages
-
curl
command line tool for transferring data with URL syntax
-
curl-dbgsym
debug symbols for curl
-
libcurl3-gnutls
easy-to-use client-side URL transfer library (GnuTLS flavour)
-
libcurl3-gnutls-dbgsym
debug symbols for libcurl3-gnutls
-
libcurl3-nss
easy-to-use client-side URL transfer library (NSS flavour)
-
libcurl3-nss-dbgsym
debug symbols for libcurl3-nss
-
libcurl4
easy-to-use client-side URL transfer library (OpenSSL flavour)
-
libcurl4-dbgsym
debug symbols for libcurl4
-
libcurl4-doc
documentation for libcurl
-
libcurl4-gnutls-dev
development files and documentation for libcurl (GnuTLS flavour)
-
libcurl4-nss-dev
development files and documentation for libcurl (NSS flavour)
-
libcurl4-openssl-dev
development files and documentation for libcurl (OpenSSL flavour)
Package files