curl 7.38.0-4+deb8u5 source package in Debian


curl (7.38.0-4+deb8u5) jessie-security; urgency=high

  * Fix cookie injection for other servers as per CVE-2016-8615
  * Fix case insensitive password comparison as per CVE-2016-8616
  * Fix OOB write via unchecked multiplication as per CVE-2016-8617
  * Fix double-free in curl_maprintf as per CVE-2016-8618
  * Fix double-free in krb5 code as per CVE-2016-8619
  * Fix glob parser write/read out of bounds as per CVE-2016-8620
  * Fix curl_getdate read out of bounds as per CVE-2016-8621
  * Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622
  * Fix use-after-free via shared cookies as per CVE-2016-8623
  * Fix invalid URL parsing with '#' as per CVE-2016-8624

 -- Alessandro Ghedini <email address hidden>  Tue, 01 Nov 2016 21:38:10 +0000

Upload details

Uploaded by:
Alessandro Ghedini on 2017-01-14
Uploaded to:
Original maintainer:
Alessandro Ghedini
any all
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section



File Size SHA-256 Checksum
curl_7.38.0-4+deb8u5.dsc 2.6 KiB 2b5e0bf7ea27efaa23d3274a487227436a8b6777dc571c957ae1c9fb4e455d8d
curl_7.38.0.orig.tar.gz 3.9 MiB 5661028aa6532882fa228cd23c99ddbb8b87643dbb1a7ea55c068d34a943dff1
curl_7.38.0-4+deb8u5.debian.tar.xz 39.3 KiB 3f917091d1694a77852fe05293dafff079382e70d93f62f7de5c61f1812cf69d

No changes file available.

Binary packages built by this source