Change log for curl package in Debian
76 → 150 of 204 results
Superseded in buster-release |
curl (7.64.0-4+deb10u1) buster-security; urgency=high * Fix FTP-KRB double-free as per CVE-2019-5481 (Closes: #940009) https://curl.haxx.se/docs/CVE-2019-5481.html * Fix TFTP small blocksize heap buffer overflow as per CVE-2019-5482 (Closes: #940010) https://curl.haxx.se/docs/CVE-2019-5482.html -- Alessandro Ghedini <email address hidden> Sat, 22 Feb 2020 15:01:46 +0000
curl (7.68.0-1) unstable; urgency=medium * New upstream release * Bump Standards-Version to 4.5.0 (no changes needed) * Update symbols files * Configure default CA file with OpenSSL again (Closes: #948441) -- Alessandro Ghedini <email address hidden> Sat, 22 Feb 2020 14:37:19 +0000
curl (7.67.0-2) unstable; urgency=medium * Restore :native annotation for python3 Build-Depends. Thanks to Helmut Grohne for the patch (Closes: #945928) -- Alessandro Ghedini <email address hidden> Sun, 01 Dec 2019 13:29:28 +0000
curl (7.67.0-1) unstable; urgency=medium * New upstream release * Replace python with python3 in Build-Depends (Closes: #942984) * Bump Standards-Version to 4.4.1 (no changes needed) -- Alessandro Ghedini <email address hidden> Sat, 30 Nov 2019 12:45:07 +0000
curl (7.66.0-1) unstable; urgency=medium * New upstream release (Closes: #940024) + Fix FTP-KRB double-free as per CVE-2019-5481 (Closes: #940009) https://curl.haxx.se/docs/CVE-2019-5481.html + Fix TFTP small blocksize heap buffer overflow as per CVE-2019-5482 (Closes: #940010) https://curl.haxx.se/docs/CVE-2019-5482.html * Refresh patches * Enable brotli support (Closes: #940129) * Update *.symbols files -- Alessandro Ghedini <email address hidden> Sun, 15 Sep 2019 15:47:05 +0100
curl (7.65.3-1) unstable; urgency=medium * New upstream release * Drop 12_fix-man-errors.patch (merged upstream) * Remove Ian Jackson from Uploaders as he has never done an upload -- Alessandro Ghedini <email address hidden> Fri, 09 Aug 2019 19:45:02 +0100
curl (7.65.1-1) unstable; urgency=medium * New upstream release + Reduce verbose output (Closes: #926148) + Fix parsing URLs with link local addresses (Closes: #926812) * Drop patches merged upstream * Refresh patches * Bump Standards-Version to 4.4.0 (no changes needed) * Update entry in copyright for renamed files * Fix some man errors. Thanks to Bjarni Ingi Gislason for the patch (Closes: #926352) * Add Build-Depends-Package field to symbols files -- Alessandro Ghedini <email address hidden> Sat, 13 Jul 2019 12:37:09 +0100
curl (7.64.0-4) unstable; urgency=medium * Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351) https://curl.haxx.se/docs/CVE-2019-5436.html * Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: #929352) https://curl.haxx.se/docs/CVE-2019-5435.html -- Alessandro Ghedini <email address hidden> Fri, 14 Jun 2019 19:23:32 +0100
curl (7.64.0-3) unstable; urgency=medium * Fix potential crash in HTTP/2 code and busy loop at the end of connections (Closes: #927471) -- Alessandro Ghedini <email address hidden> Sat, 04 May 2019 12:51:06 +0100
curl (7.64.0-2) unstable; urgency=medium * Fix infinite loop when fetching URLs with unreachable IPv6 (Closes: #922554) -- Alessandro Ghedini <email address hidden> Thu, 07 Mar 2019 20:02:35 +0000
Superseded in stretch-release |
curl (7.52.1-5+deb9u9) stretch-security; urgency=high * Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890 https://curl.haxx.se/docs/CVE-2018-16890.html * Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822 https://curl.haxx.se/docs/CVE-2019-3822.html * Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823 https://curl.haxx.se/docs/CVE-2019-3823.html -- Alessandro Ghedini <email address hidden> Mon, 04 Feb 2019 20:55:32 +0000
curl (7.64.0-1) unstable; urgency=medium * New upstream release + Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890 https://curl.haxx.se/docs/CVE-2018-16890.html + Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822 https://curl.haxx.se/docs/CVE-2019-3822.html + Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823 https://curl.haxx.se/docs/CVE-2019-3823.html + Fix HTTP negotiation with POST requests (Closes: #920267) -- Alessandro Ghedini <email address hidden> Wed, 06 Feb 2019 22:33:05 +0000
curl (7.63.0-1) unstable; urgency=medium * New upstream release + Fix IPv6 numeral address parser (Closes: #915520) + Fix timeout handling (Closes: #914793) + Fix HTTP auth to include query in URI (Closes: #913214) * Drop 12_fix-runtests-curl.patch (merged upstream) * Update symbols * Update copyright for removed files * Bump debhelper compat level to 12 * Bump Standards-Version to 4.3.0 (no changes needed) -- Alessandro Ghedini <email address hidden> Tue, 15 Jan 2019 20:47:40 +0000
Superseded in stretch-release |
curl (7.52.1-5+deb9u8) stretch-security; urgency=high * Fix SASL password overflow via integer overflow as per CVE-2018-16839 https://curl.haxx.se/docs/CVE-2018-16839.html * Fix warning message out-of-buffer read as per CVE-2018-16842 https://curl.haxx.se/docs/CVE-2018-16842.html -- Alessandro Ghedini <email address hidden> Tue, 30 Oct 2018 21:39:11 +0000
curl (7.62.0-1) unstable; urgency=medium * New upstream release + Fix NTLM password overflow via integer overflow as per CVE-2018-14618 (Closes: #908327) https://curl.haxx.se/docs/CVE-2018-14618.html + Fix SASL password overflow via integer overflow as per CVE-2018-16839 https://curl.haxx.se/docs/CVE-2018-16839.html + Fix use-after-free in handle close as per CVE-2018-16840 https://curl.haxx.se/docs/CVE-2018-16840.html + Fix warning message out-of-buffer read as per CVE-2018-16842 https://curl.haxx.se/docs/CVE-2018-16842.html + Fix broken terminal output (closes: #911333) * Refresh patches * Add 12_fix-runtests-curl.patch to fix running curl in tests -- Alessandro Ghedini <email address hidden> Wed, 31 Oct 2018 22:42:44 +0000
curl (7.61.0-1) unstable; urgency=medium * New upstream release + Fix SMTP send heap buffer overflow as per CVE-2018-0500 (Closes: #903546) https://curl.haxx.se/docs/adv_2018-70a2.html + Fix some crashes related to HTTP/2 (Closes: #902628) * Disable libssh2 on Ubuntu. Thanks to Gianfranco Costamagna for the patch (Closes: #888449) * Bump Standards-Version to 4.2.0 (no changes needed) * Don't configure default CA bundle with OpenSSL and GnuTLS (Closes: #883174) -- Alessandro Ghedini <email address hidden> Sat, 11 Aug 2018 13:32:28 +0100
Superseded in stretch-release |
curl (7.52.1-5+deb9u6) stretch-security; urgency=high * Fix heap buffer over-read when parsing bad RTSP headers as per CVE-2018-1000301 https://curl.haxx.se/docs/adv_2018-b138.html -- Alessandro Ghedini <email address hidden> Tue, 15 May 2018 23:00:28 +0100
Published in jessie-release |
curl (7.38.0-4+deb8u11) jessie-security; urgency=high * Fix heap buffer over-read when parsing bad RTSP headers as per CVE-2018-1000301 https://curl.haxx.se/docs/adv_2018-b138.html -- Alessandro Ghedini <email address hidden> Tue, 15 May 2018 23:05:31 +0100
curl (7.60.0-2) unstable; urgency=medium [ Steve Langasek ] * Build-depend on libssl-dev instead of libssl1.0-dev. * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between openssl 1.0 and openssl 1.1. * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer claiming compatibility. * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for non-OpenSSL builds. Closes: #858398. * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk -- Alessandro Ghedini <email address hidden> Wed, 23 May 2018 20:25:39 +0100
curl (7.60.0-1) unstable; urgency=medium * New upstream release (Closes: #891997, #893546, #898856) + Fix use of IPv6 literals with NO_PROXY + Fix NIL byte out of bounds write due to FTP path trickery as per CVE-2018-1000120 https://curl.haxx.se/docs/adv_2018-9cd6.html + Fix LDAP NULL pointer dereference as per CVE-2018-1000121 https://curl.haxx.se/docs/adv_2018-97a2.html + Fix RTSP RTP buffer over-read as per CVE-2018-1000122 https://curl.haxx.se/docs/adv_2018-b047.html + Fix heap buffer overflow when closing down an FTP connection with very long server command replies as per CVE-2018-1000300 https://curl.haxx.se/docs/adv_2018-82c2.html + Fix heap buffer over-read when parsing bad RTSP headers as per CVE-2018-1000301 https://curl.haxx.se/docs/adv_2018-b138.html * Refresh patches * Bump Standards-Version to 4.1.4 (no changes needed) -- Alessandro Ghedini <email address hidden> Fri, 18 May 2018 20:21:17 +0100
Superseded in stretch-release |
curl (7.52.1-5+deb9u4) stretch-security; urgency=high * Fix HTTP/2 trailer out-of-bounds read as per CVE-2018-1000005 https://curl.haxx.se/docs/adv_2018-824a.html * Fix HTTP authentication leak in redirects as per CVE-2018-1000007 https://curl.haxx.se/docs/adv_2018-b3bf.html -- Alessandro Ghedini <email address hidden> Tue, 23 Jan 2018 21:56:56 +0000
Deleted in experimental-release (Reason: None provided.) |
curl (7.58.0-3) experimental; urgency=medium [ Steve Langasek ] * Build-depend on libssl-dev instead of libssl1.0-dev. * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between openssl 1.0 and openssl 1.1. * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer claiming compatibility. * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for non-OpenSSL builds. Closes: #858398. * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk -- Alessandro Ghedini <email address hidden> Tue, 27 Feb 2018 21:16:17 +0000
curl (7.58.0-2) unstable; urgency=medium * Explicitly enable libssh2 support which got silently disabled in the previous update -- Alessandro Ghedini <email address hidden> Wed, 24 Jan 2018 20:27:50 +0000
curl (7.58.0-1) unstable; urgency=medium * New upstream release - Fix HTTP/2 trailer out-of-bounds read as per CVE-2018-1000005 https://curl.haxx.se/docs/adv_2018-824a.html - Fix HTTP authentication leak in redirects as per CVE-2018-1000007 https://curl.haxx.se/docs/adv_2018-b3bf.html * Point Vcs-* to salsa.d.o * Bump Standards-Version to 4.1.3 (no changes needed) * Bump debhelper compat level to 11 * Refresh patches * fix insecure-copyright-format-uri -- Alessandro Ghedini <email address hidden> Wed, 24 Jan 2018 11:13:58 +0000
Superseded in jessie-release |
curl (7.38.0-4+deb8u8) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816 https://curl.haxx.se/docs/adv_2017-11e7.html * Fix FTP wildcard out of bounds read as per CVE-2017-8817 https://curl.haxx.se/docs/adv_2017-ae72.html -- Yves-Alexis Perez <email address hidden> Sat, 25 Nov 2017 22:03:21 +0100
Superseded in stretch-release |
curl (7.52.1-5+deb9u3) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816 https://curl.haxx.se/docs/adv_2017-11e7.html * Fix FTP wildcard out of bounds read as per CVE-2017-8817 https://curl.haxx.se/docs/adv_2017-ae72.html -- Yves-Alexis Perez <email address hidden> Sun, 26 Nov 2017 13:00:56 +0100
curl (7.57.0-1) unstable; urgency=medium * New upstream release - Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816 https://curl.haxx.se/docs/adv_2017-11e7.html - Fix FTP wildcard out of bounds read as per CVE-2017-8817 https://curl.haxx.se/docs/adv_2017-ae72.html - Fix SSL out of buffer access as per CVE-2017-8818 https://curl.haxx.se/docs/adv_2017-af0a.html * Remove -fdebug-prefix-map from curl-config. Thanks to Timo Weingärtner for the patch (Closes: #861974, #874223, #874238) * Don't install zsh completion when cross compiling. Thanks to Wookey for the patch (Closes: #812965) -- Alessandro Ghedini <email address hidden> Thu, 30 Nov 2017 10:16:03 +0000
curl (7.56.1-1) unstable; urgency=medium * New upstream release - Fix IMAP FETCH response out of bounds read as per CVE-2017-1000257 https://curl.haxx.se/docs/adv_20171023.html * Bump Standards-Version to 4.1.1 (no changes needed) * Drop 01_runtests_gdb.patch * Drop 12_dont-wait-on-CONNECT.patch * Refresh patches * Update *.symbols files * Use https:// URL in watch file -- Alessandro Ghedini <email address hidden> Tue, 24 Oct 2017 11:05:48 +0100
curl (7.55.1-1) unstable; urgency=medium * New upstream release - Fix FTBFS on powerpc (Closes: #872502) * Apply upstream patch to fix connection timeouts with NetworkManager (Closes: #873181) * Refresh patches * Bump Standards-Version to 4.1.0 (no changes needed) -- Alessandro Ghedini <email address hidden> Sat, 02 Sep 2017 12:10:22 +0100
curl (7.55.0-1) unstable; urgency=medium * New upstream release - Fix TFTP sends more than buffer size as per CVE-2017-1000100 (Closes: #871555) - Fix URL globbing out of bounds read as per CVE-2017-1000101 (Closes: #871554) * Refresh patches and drop patches merged upstream * Update Standards-Version to 4.0.1 (no changes needed) * Drop -dbg package -- Alessandro Ghedini <email address hidden> Sat, 12 Aug 2017 15:18:05 +0100
curl (7.52.1-5) unstable; urgency=high * Fix TLS session resumption client cert bypass as per CVE-2017-7468 https://curl.haxx.se/docs/adv_20170419.html -- Alessandro Ghedini <email address hidden> Wed, 19 Apr 2017 11:19:50 +0100
curl (7.52.1-4) unstable; urgency=medium * Fix regression in CONNECT response handling (Closes: #857613) * Fix buffer read overrun on --write-out as per CVE-2017-7407 https://curl.haxx.se/docs/adv_20170403.html (Closes: #859500) -- Alessandro Ghedini <email address hidden> Sat, 08 Apr 2017 21:55:27 +0100
curl (7.52.1-3) unstable; urgency=high * Make SSL_VERIFYSTATUS work again as per CVE-2017-2629 https://curl.haxx.se/docs/adv_20170222.html -- Alessandro Ghedini <email address hidden> Tue, 21 Feb 2017 22:38:41 +0000
curl (7.52.1-2) unstable; urgency=medium * Fix HTTPS connection timeout with OpenSSL (Closes: #852317) -- Alessandro Ghedini <email address hidden> Sun, 29 Jan 2017 21:34:10 +0000
Superseded in jessie-release |
curl (7.38.0-4+deb8u5) jessie-security; urgency=high * Fix cookie injection for other servers as per CVE-2016-8615 https://curl.haxx.se/docs/adv_20161102A.html * Fix case insensitive password comparison as per CVE-2016-8616 https://curl.haxx.se/docs/adv_20161102B.html * Fix OOB write via unchecked multiplication as per CVE-2016-8617 https://curl.haxx.se/docs/adv_20161102C.html * Fix double-free in curl_maprintf as per CVE-2016-8618 https://curl.haxx.se/docs/adv_20161102D.html * Fix double-free in krb5 code as per CVE-2016-8619 https://curl.haxx.se/docs/adv_20161102E.html * Fix glob parser write/read out of bounds as per CVE-2016-8620 https://curl.haxx.se/docs/adv_20161102F.html * Fix curl_getdate read out of bounds as per CVE-2016-8621 https://curl.haxx.se/docs/adv_20161102G.html * Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622 https://curl.haxx.se/docs/adv_20161102H.html * Fix use-after-free via shared cookies as per CVE-2016-8623 https://curl.haxx.se/docs/adv_20161102I.html * Fix invalid URL parsing with '#' as per CVE-2016-8624 https://curl.haxx.se/docs/adv_20161102J.html -- Alessandro Ghedini <email address hidden> Tue, 01 Nov 2016 21:38:10 +0000
curl (7.52.1-1) unstable; urgency=medium * New upstream release - Fix printf floating point buffer overflow as per CVE-2016-9586 (Closes: #848958) * B-D on "libssl1.0-dev | libssl-dev (<< 1.1)" (Closes: #850880, #844018) * Another attempt at making -dev packages multi-arch. Thanks to Benjamin Moody for the patches. (Closes: #731998, #846360) * Enable support for PSL (Closes: #847958) * Re-enable support for IDN (Closes: #849539) * Drop 10_disable-network-tests.patch. It didn't really work, and the issue is not urgent. * Switch curl binary back to libcurl3/OpenSSL. While the GnuTLS flavour mostly worked fine, there are a bunch of features that are not implemented. -- Alessandro Ghedini <email address hidden> Thu, 12 Jan 2017 22:02:44 +0000
curl (7.51.0-1) unstable; urgency=medium * New upstream release - Fix cookie injection for other servers as per CVE-2016-8615 https://curl.haxx.se/docs/adv_20161102A.html - Fix case insensitive password comparison as per CVE-2016-8616 https://curl.haxx.se/docs/adv_20161102B.html - Fix OOB write via unchecked multiplication as per CVE-2016-8617 https://curl.haxx.se/docs/adv_20161102C.html - Fix double-free in curl_maprintf as per CVE-2016-8618 https://curl.haxx.se/docs/adv_20161102D.html - Fix double-free in krb5 code as per CVE-2016-8619 https://curl.haxx.se/docs/adv_20161102E.html - Fix glob parser write/read out of bounds as per CVE-2016-8620 https://curl.haxx.se/docs/adv_20161102F.html - Fix curl_getdate read out of bounds as per CVE-2016-8621 https://curl.haxx.se/docs/adv_20161102G.html - Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622 https://curl.haxx.se/docs/adv_20161102H.html - Fix use-after-free via shared cookies as per CVE-2016-8623 https://curl.haxx.se/docs/adv_20161102I.html - Fix invalid URL parsing with '#' as per CVE-2016-8624 https://curl.haxx.se/docs/adv_20161102J.html - Fix IDNA 2003 makes curl use wrong host https://curl.haxx.se/docs/adv_20161102K.html - Fix escape and unescape integer overflows as per CVE-2016-7167 (Closes: #837945) https://curl.haxx.se/docs/adv_20160914.html - Fix incorrect reuse of client certificates (NSS backend) as per CVE-2016-7141 (Closes: #836918) https://curl.haxx.se/docs/adv_20160907.html * Drop 02_art_http_scripting.patch (file not shipped anymore) * Refresh patches * Temporarily disable IDN support * Don't install pdf and html docs (they are not shipped in the tarball anymore) * Install markdown docs -- Alessandro Ghedini <email address hidden> Thu, 03 Nov 2016 22:46:14 +0000
Superseded in jessie-release |
curl (7.38.0-4+deb8u4) jessie-security; urgency=high * Fix TLS session resumption client cert bypass as per CVE-2016-5419 https://curl.haxx.se/docs/adv_20160803A.html * Fix re-using connection with wrong client cert as per CVE-2016-5420 https://curl.haxx.se/docs/adv_20160803B.html * Fix use of connection struct after free as per CVE-2016-5421 https://curl.haxx.se/docs/adv_20160803C.html -- Alessandro Ghedini <email address hidden> Mon, 01 Aug 2016 12:19:28 +0100
curl (7.50.1-1) unstable; urgency=medium * New upstream release (Closes: #827900) - Fix TLS session resumption client cert bypass as per CVE-2016-5419 https://curl.haxx.se/docs/adv_20160803A.html - Fix re-using connection with wrong client cert as per CVE-2016-5420 https://curl.haxx.se/docs/adv_20160803B.html - Fix use of connection struct after free as per CVE-2016-5421 https://curl.haxx.se/docs/adv_20160803C.html - Support OpenSSL 1.1 (Closes: #828127) * Fix 04_workaround_as_needed_bug.patch. Thanks to Yuriy M. Kaminskiy for the patch (Closes: #818131) * Bump Standards-Version to 3.9.8 (no changes needed) * Update Vcs-* URLs * Refresh patches * Add 08_enable-zsh.patch to re-enable zsh completion generation * Remove 08_fix-zsh-completion.patch (was already disabled) * Add 09_fix-typo.patch to fix spelling-error-in-manpage * Add 10_disable-network-tests.patch to disable networked tests (Closes: #830273) * Improve cross Build-Depends satisfiability. Thanks to Helmut Grohne for the patch (Closes: #818092) -- Alessandro Ghedini <email address hidden> Wed, 03 Aug 2016 12:46:05 +0100
Superseded in jessie-release |
curl (7.38.0-4+deb8u3) jessie-security; urgency=medium * Fix NTLM credentials not-checked for proxy connection re-use as per CVE-2016-0755 http://curl.haxx.se/docs/adv_20160127A.htm -- Alessandro Ghedini <email address hidden> Tue, 26 Jan 2016 22:39:38 +0000
curl (7.47.0-1) unstable; urgency=high * New upstream release - Fix NTLM credentials not-checked for proxy connection re-use as per CVE-2016-0755 http://curl.haxx.se/docs/adv_20160127A.html - Set urgency=high accordingly * Remove hard-coded dependency on libgnutls (Closes: #812542) * Drop 08_fix-zsh-completion.patch (merged upstream) * Refresh patches -- Alessandro Ghedini <email address hidden> Wed, 27 Jan 2016 11:45:59 +0000
curl (7.46.0-1) unstable; urgency=medium * New upstream release - Initialize OpenSSL algorithms after loading config (Closes: #805408) * Install curl zsh completion (Closes: #805509) - Add 08_fix-zsh-completion.patch to fix zsh completion generation -- Alessandro Ghedini <email address hidden> Sun, 27 Dec 2015 18:18:09 +0100
curl (7.45.0-1) unstable; urgency=medium * New upstream release * Drop 08_spelling.patch (merged upstream) -- Alessandro Ghedini <email address hidden> Wed, 07 Oct 2015 12:59:03 +0200
curl (7.44.0-2) unstable; urgency=medium * Enable HTTP/2 support (Closes: #796302) -- Alessandro Ghedini <email address hidden> Thu, 10 Sep 2015 11:25:14 +0200
Published in wheezy-release |
curl (7.26.0-1+wheezy13) wheezy-security; urgency=high * Fix re-using authenticated connection when unauthenticated as per CVE-2015-3143 http://curl.haxx.se/docs/adv_20150422A.html * Fix Negotiate not treated as connection-oriented as per CVE-2015-3148 http://curl.haxx.se/docs/adv_20150422B.html -- Alessandro Ghedini <email address hidden> Tue, 21 Apr 2015 13:51:57 +0200
curl (7.44.0-1) unstable; urgency=medium * New upstream release * Refresh patches * Update symbols files * Add 08_spelling.patch to fix some spelling errors -- Alessandro Ghedini <email address hidden> Wed, 12 Aug 2015 11:49:04 +0200
curl (7.43.0-1) unstable; urgency=medium * New upstream release - Fix lingering HTTP credentials in connection re-use as per CVE-2015-3236 http://curl.haxx.se/docs/adv_20150617A.html - Fix SMB send off unrelated memory contents as per CVE-2015-3237 http://curl.haxx.se/docs/adv_20150617B.html * Refresh patches * Fix spelling-error-in-description -- Alessandro Ghedini <email address hidden> Wed, 17 Jun 2015 10:21:34 +0200
curl (7.42.1-3) unstable; urgency=medium * Update copyright * Set both CA bundle and CA path default values for OpenSSL and GnuTLS backends * Bump versioned depends on libgnutls to workaround lack of nettle versioned symbols (Closes: #787960) -- Alessandro Ghedini <email address hidden> Sun, 07 Jun 2015 18:15:15 +0200
Superseded in jessie-release |
curl (7.38.0-4+deb8u2) jessie-security; urgency=high * Don't send sensitive HTTP server headers to proxies as per CVE-2015-3153 http://curl.haxx.se/docs/adv_20150429.html -- Alessandro Ghedini <email address hidden> Wed, 29 Apr 2015 10:47:47 +0200
curl (7.42.1-2) unstable; urgency=medium * Switch curl binary to libcurl3-gnutls (Closes: #342719) This is the first step of a possible migration to a GnuTLS-only libcurl for Debian. Let's see how it goes. -- Alessandro Ghedini <email address hidden> Sun, 03 May 2015 13:13:15 +0200
curl (7.42.1-1) unstable; urgency=high * New upstream release - Don't send sensitive HTTP server headers to proxies as per CVE-2015-3153 http://curl.haxx.se/docs/adv_20150429.html * Drop 08_fix-spelling.patch (merged upstream) * Refresh patches -- Alessandro Ghedini <email address hidden> Wed, 29 Apr 2015 10:43:43 +0200
curl (7.42.0-1) unstable; urgency=medium * New upstream release - Fix re-using authenticated connection when unauthenticated as per CVE-2015-3143 http://curl.haxx.se/docs/adv_20150422A.html - Fix host name out of boundary memory access as per CVE-2015-3144 http://curl.haxx.se/docs/adv_20150422D.html - Fix cookie parser out of boundary memory access as per CVE-2015-3145 http://curl.haxx.se/docs/adv_20150422C.html - Fix Negotiate not treated as connection-oriented as per CVE-2015-3148 http://curl.haxx.se/docs/adv_20150422B.html - Disable SSLv3 in the OpenSSL backend when OPENSSL_NO_SSL3_METHOD is defined (Closes: #768562) * Drop patches merged upstream * Refresh patches * Bump Standards-Version to 3.9.6 (no changes needed) -- Alessandro Ghedini <email address hidden> Wed, 22 Apr 2015 11:07:32 +0200
Superseded in wheezy-release |
curl (7.26.0-1+wheezy11) wheezy-security; urgency=high * Fix duphandle read out of bounds as per CVE-2014-3707 http://curl.haxx.se/docs/adv_20141105.html * Set urgency=high accordingly -- Alessandro Ghedini <email address hidden> Sun, 02 Nov 2014 16:07:47 +0100
curl (7.38.0-4) unstable; urgency=high * Fix URL request injection vulnerability as per CVE-2014-8150 http://curl.haxx.se/docs/adv_20150108B.html * Set urgency=high accordingly -- Alessandro Ghedini <email address hidden> Thu, 08 Jan 2015 10:47:24 +0100
curl (7.38.0-3) unstable; urgency=high * Enable all hardening options (Closes: #763372) * Fix duphandle read out of bounds as per CVE-2014-3707 http://curl.haxx.se/docs/adv_20141105.html * Set urgency=high accordingly -- Alessandro Ghedini <email address hidden> Thu, 06 Nov 2014 11:40:24 +0100
Superseded in wheezy-release |
curl (7.26.0-1+wheezy10) wheezy-security; urgency=high * Fix multiple security issues: - Only use full host matches for hosts used as IP address as per CVE-2014-3613 - Reject incoming cookies set for TLDs as per CVE-2014-3620 * Set urgency=high accordingly -- Alessandro Ghedini <email address hidden> Sat, 06 Sep 2014 14:07:02 +0200
curl (7.38.0-2) unstable; urgency=medium * Check for libtoolize instead of libtool during build. Thanks to Helmut Grohne for the patch (Closes: #761740) * Add README.source note regarding ordering of patches (Closes: #762193) * Add 10_fix-resolver.patch from upstream (Closes: #762014) -- Alessandro Ghedini <email address hidden> Tue, 23 Sep 2014 16:41:53 +0200
curl (7.38.0-1) unstable; urgency=medium * New upstream release - Only use full host matches for hosts used as IP address as per CVE-2014-3613 http://curl.haxx.se/docs/adv_20140910A.html - Reject incoming cookies set for TLDs as per CVE-2014-3620 http://curl.haxx.se/docs/adv_20140910B.html * Drop 08_link-curl-to-nss.patch (merged upstream) * Refresh patches * Fix wildcard-matches-nothing-in-dep5-copyright * Add 08_fix-spelling.patch -- Alessandro Ghedini <email address hidden> Wed, 10 Sep 2014 20:11:02 +0200
Published in squeeze-release |
curl (7.21.0-2.1+squeeze8) squeeze-security; urgency=medium * Fix multiple security issues (Closes: #742728): - Fix connection re-use when using different log-in credentials as per CVE-2014-0138 http://curl.haxx.se/docs/adv_20140326A.html - Reject IP address wildcard matches as per CVE-2014-0139 http://curl.haxx.se/docs/adv_20140326B.html * Set urgency=high accordingly -- Alessandro Ghedini <email address hidden> Wed, 09 Apr 2014 19:47:38 +0200
curl (7.37.1-1) unstable; urgency=medium * New upstream release * Re-enable RTMP support (Closes: #754222) * Add 08_link-curl-to-nss.patch to fix NSS build * Refresh patches * Install manpages of single libcurl options too -- Alessandro Ghedini <email address hidden> Fri, 18 Jul 2014 10:18:03 +0200
curl (7.37.0-1) unstable; urgency=medium * New upstream release - Fix NULL pointer dereference in GnuTLS code (Closes: #746349) * Drop 08_fix-imap-tests.patch (merged upstream) * Refresh 01_runtests_gdb.patch * Remove Build-Depends on libgcrypt -- Alessandro Ghedini <email address hidden> Wed, 21 May 2014 15:22:38 +0200
curl (7.36.0-2) unstable; urgency=medium * Move Depends on -dev packages needed to use static libraries to Suggests * Switch to GnuTLS 3.x (Closes: #741568) * Disable RTMP support (librtmp-dev requires libgnutls-dev, which conflicts with libgnutls28-dev) -- Alessandro Ghedini <email address hidden> Mon, 28 Apr 2014 19:37:14 +0200
Superseded in wheezy-release |
curl (7.26.0-1+wheezy9) wheezy-security; urgency=high * Fix multiple security issues (Closes: #742728): - Fix connection re-use when using different log-in credentials as per CVE-2014-0138 http://curl.haxx.se/docs/adv_20140326A.html - Reject IP address wildcard matches as per CVE-2014-0139 http://curl.haxx.se/docs/adv_20140326B.html * Set urgency=high accordingly -- Alessandro Ghedini <email address hidden> Wed, 09 Apr 2014 19:03:55 +0200
curl (7.36.0-1) unstable; urgency=high * New upstream release (Closes: #742728) - Fix connection re-use when using different log-in credentials as per CVE-2014-0138 http://curl.haxx.se/docs/adv_20140326A.html - Reject IP address wildcard matches as per CVE-2014-0139 http://curl.haxx.se/docs/adv_20140326B.html - Set urgency=high accordingly * Add 08_fix-imap-tests.patch to fix tests broken by the fix for CVE-2014-0138 -- Alessandro Ghedini <email address hidden> Sun, 30 Mar 2014 15:36:35 +0200
Superseded in squeeze-release |
curl (7.21.0-2.1+squeeze7) squeeze-security; urgency=high * Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015 http://curl.haxx.se/docs/adv_20140129.html * Set urgency=high accordingly -- Alessandro Ghedini <email address hidden> Wed, 29 Jan 2014 19:05:15 +0100
Superseded in wheezy-release |
curl (7.26.0-1+wheezy8) wheezy-security; urgency=high * Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015 http://curl.haxx.se/docs/adv_20140129.html * Set urgency=high accordingly -- Alessandro Ghedini <email address hidden> Wed, 29 Jan 2014 19:01:03 +0100
curl (7.35.0-1) unstable; urgency=high * New upstream release - Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015 http://curl.haxx.se/docs/adv_20140129.html - Set urgency=high accordingly * Refresh patches -- Alessandro Ghedini <email address hidden> Wed, 29 Jan 2014 11:16:57 +0100
curl (7.34.0-1) unstable; urgency=high * New upstream release - Fix GnuTLS checking of a certificate CN or SAN name field when the digital signature verification is turned off as per CVE-2013-6422 http://curl.haxx.se/docs/adv_20131217.html - Set urgency=high accordingly * Drop patches merged upstream: - 08_fix-typo.patch - 09_fix-urlglob.patch -- Alessandro Ghedini <email address hidden> Tue, 17 Dec 2013 13:16:19 +0100
Superseded in wheezy-release |
curl (7.26.0-1+wheezy6) stable-security; urgency=low * Disable host verification too when using the --insecure option (Closes: #729965) -- Alessandro Ghedini <email address hidden> Tue, 19 Nov 2013 17:15:32 +0100
curl (7.33.0-2) unstable; urgency=low * Make -dev packages Multi-Arch: same too (Closes: #731309) * Bump Standards-Version to 3.9.5 (no changes needed) * Add 09_fix-urlglob.patch to fix URL globbing (Closes: #731855) -- Alessandro Ghedini <email address hidden> Wed, 11 Dec 2013 18:44:37 +0100
Superseded in squeeze-release |
curl (7.21.0-2.1+squeeze4) oldstable-security; urgency=high * Fix URL decode buffer boundary flaw as per CVE-2013-2174 http://curl.haxx.se/docs/adv_20130622.html * Set urgency=high accordingly -- Alessandro Ghedini <email address hidden> Sat, 22 Jun 2013 16:53:25 +0200
Superseded in wheezy-release |
curl (7.26.0-1+wheezy4) stable-proposed-updates; urgency=low * Add 09_reset-timecond.patch (Closes: #705783, #719300) -- Alessandro Ghedini <email address hidden> Sat, 10 Aug 2013 16:45:38 +0200
curl (7.33.0-1) unstable; urgency=low * New upstream release - Handle arbitrary-length username and password (Closes: #719856) * Remove Luk from Uploaders as per his request (Closes: #723603) * Do not Build-Depends on specific automake version (Closes: #724361) * Fix lintian vcs-field-not-canonical * Add 08_fix-typo.patch * Refresh patches -- Alessandro Ghedini <email address hidden> Mon, 14 Oct 2013 22:11:14 +0200
curl (7.32.0-1) unstable; urgency=low * New upstream release * Fix typo in changelog entry for 7.31.0-1 (Closes: #714502) * Drop 08_typo.patch (merged upstream) * Drop 09_openssl-recv.patch (merged upstream) * Refresh 90_gnutls.patch and 99_nss.patch * Refresh 06_always-disable-valgrind.patch * Enable threaded DNS resolver (Closes: #570436) See NEWS.Debian for more info -- Alessandro Ghedini <email address hidden> Mon, 12 Aug 2013 12:19:05 +0200
curl (7.31.0-2) unstable; urgency=high * Add 09_openssl-recv.patch to fix incorrect OpenSSL usage (Closes: #714050) * Set urgency=high because of the security fix in the previous upload -- Alessandro Ghedini <email address hidden> Wed, 26 Jun 2013 11:47:00 +0200