curl 7.85.0-1ubuntu0.3 source package in Ubuntu
Changelog
curl (7.85.0-1ubuntu0.3) kinetic-security; urgency=medium
* SECURITY UPDATE: multiple HSTS issues
- debian/patches/CVE-2023-23914_5-1.patch: add sharing of HSTS cache
among handles in docs/libcurl/opts/CURLSHOPT_SHARE.3,
docs/libcurl/symbols-in-versions, include/curl/curl.h, lib/hsts.c,
lib/hsts.h, lib/setopt.c, lib/share.c, lib/share.h, lib/transfer.c,
lib/url.c, lib/urldata.h.
- debian/patches/CVE-2023-23914_5-2.patch: share HSTS between handles
in src/tool_operate.c.
- debian/patches/CVE-2023-23914_5-3.patch: handle adding the same host
name again in lib/hsts.c.
- debian/patches/CVE-2023-23914_5-4.patch: support crlf="yes" for
verify/proxy in tests/FILEFORMAT.md, tests/runtests.pl.
- debian/patches/CVE-2023-23914_5-5.patch: verify hsts with two URLs in
tests/data/Makefile.inc, tests/data/test446.
- CVE-2023-23914
- CVE-2023-23915
* SECURITY UPDATE: HTTP multi-header compression denial of service
- debian/patches/CVE-2023-23916-pre1.patch: do CRLF replacements in
tests/FILEFORMAT.md, tests/data/test1, tests/runtests.pl.
- debian/patches/CVE-2023-23916.patch: do not reset stage counter for
each header in lib/content_encoding.c, lib/urldata.h,
tests/data/Makefile.inc, tests/data/test387, tests/data/test418.
- CVE-2023-23916
-- Marc Deslauriers <email address hidden> Wed, 15 Feb 2023 08:12:14 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Kinetic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| curl_7.85.0.orig.tar.gz | 4.0 MiB | 78a06f918bd5fde3c4573ef4f9806f56372b32ec1829c9ec474799eeee641c27 |
| curl_7.85.0.orig.tar.gz.asc | 488 bytes | 6794e4b59dea9dee2c6373be4e1b1cded5c8a9aea8bbf58c3e97f3adfe8d8474 |
| curl_7.85.0-1ubuntu0.3.debian.tar.xz | 47.8 KiB | 61db32e4cb0b0e306fc1581b80fb57dd5d2822c791f6105523bab813b0f55f6f |
| curl_7.85.0-1ubuntu0.3.dsc | 3.0 KiB | b138dab1f89873267f18e16d246a7f4549c61bc7e893ed0bbf9c80dd06cfa7ab |
Available diffs
Binary packages built by this source
- curl: No summary available for curl in ubuntu kinetic.
No description available for curl in ubuntu kinetic.
- curl-dbgsym: No summary available for curl-dbgsym in ubuntu kinetic.
No description available for curl-dbgsym in ubuntu kinetic.
- libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu kinetic.
No description available for libcurl3-gnutls in ubuntu kinetic.
- libcurl3-gnutls-dbgsym: No summary available for libcurl3-gnutls-dbgsym in ubuntu kinetic.
No description available for libcurl3-
gnutls- dbgsym in ubuntu kinetic.
- libcurl3-nss: No summary available for libcurl3-nss in ubuntu kinetic.
No description available for libcurl3-nss in ubuntu kinetic.
- libcurl3-nss-dbgsym: No summary available for libcurl3-nss-dbgsym in ubuntu kinetic.
No description available for libcurl3-nss-dbgsym in ubuntu kinetic.
- libcurl4: No summary available for libcurl4 in ubuntu kinetic.
No description available for libcurl4 in ubuntu kinetic.
- libcurl4-dbgsym: No summary available for libcurl4-dbgsym in ubuntu kinetic.
No description available for libcurl4-dbgsym in ubuntu kinetic.
- libcurl4-doc: No summary available for libcurl4-doc in ubuntu kinetic.
No description available for libcurl4-doc in ubuntu kinetic.
- libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu kinetic.
No description available for libcurl4-gnutls-dev in ubuntu kinetic.
- libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu kinetic.
No description available for libcurl4-nss-dev in ubuntu kinetic.
- libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu kinetic.
No description available for libcurl4-
openssl- dev in ubuntu kinetic.
