curl 7.51.0-1 source package in Debian


curl (7.51.0-1) unstable; urgency=medium

  * New upstream release
    - Fix cookie injection for other servers as per CVE-2016-8615
    - Fix case insensitive password comparison as per CVE-2016-8616
    - Fix OOB write via unchecked multiplication as per CVE-2016-8617
    - Fix double-free in curl_maprintf as per CVE-2016-8618
    - Fix double-free in krb5 code as per CVE-2016-8619
    - Fix glob parser write/read out of bounds as per CVE-2016-8620
    - Fix curl_getdate read out of bounds as per CVE-2016-8621
    - Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622
    - Fix use-after-free via shared cookies as per CVE-2016-8623
    - Fix invalid URL parsing with '#' as per CVE-2016-8624
    - Fix IDNA 2003 makes curl use wrong host
    - Fix escape and unescape integer overflows as
      per CVE-2016-7167 (Closes: #837945)
    - Fix incorrect reuse of client certificates (NSS backend)
      as per CVE-2016-7141 (Closes: #836918)
  * Drop 02_art_http_scripting.patch (file not shipped anymore)
  * Refresh patches
  * Temporarily disable IDN support
  * Don't install pdf and html docs (they are not shipped in the tarball anymore)
  * Install markdown docs

 -- Alessandro Ghedini <email address hidden>  Thu, 03 Nov 2016 22:46:14 +0000

Upload details

Uploaded by: Alessandro Ghedini on 2016-11-04
Uploaded to:
Original maintainer: Alessandro Ghedini
any all
Medium Urgency

File Size SHA-256 Checksum
curl_7.51.0-1.dsc 2.6 KiB e139d0221798b98174533e4219c7841bd1880a85ce776fb44d9d67d3e9c77808
curl_7.51.0.orig.tar.gz 3.3 MiB 65b5216a6fbfa72f547eb7706ca5902d7400db9868269017a8888aa91d87977c
curl_7.51.0-1.debian.tar.xz 26.4 KiB be7ec42a13fc8167a5dd8bd092324594f05632b8eb7faef94128281310cc7e6f

No changes file available.

Binary packages built by this source