curl 7.60.0-1 source package in Debian


curl (7.60.0-1) unstable; urgency=medium

  * New upstream release (Closes: #891997, #893546, #898856)
    + Fix use of IPv6 literals with NO_PROXY
    + Fix NIL byte out of bounds write due to FTP path trickery
      as per CVE-2018-1000120
    + Fix LDAP NULL pointer dereference as per CVE-2018-1000121
    + Fix RTSP RTP buffer over-read as per CVE-2018-1000122
    + Fix heap buffer overflow when closing down an FTP connection
      with very long server command replies as per CVE-2018-1000300
    + Fix heap buffer over-read when parsing bad RTSP headers
      as per CVE-2018-1000301
  * Refresh patches
  * Bump Standards-Version to 4.1.4 (no changes needed)

 -- Alessandro Ghedini <email address hidden>  Fri, 18 May 2018 20:21:17 +0100

Upload details

Uploaded by:
Alessandro Ghedini on 2018-05-18
Uploaded to:
Original maintainer:
Alessandro Ghedini
any all
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section



File Size SHA-256 Checksum
curl_7.60.0-1.dsc 2.6 KiB bc0ff8df97daaef91be8492f006705620edb8129a91cf96bd52b321edccbe4be
curl_7.60.0.orig.tar.gz 3.8 MiB e9c37986337743f37fd14fe8737f246e97aec94b39d1b71e8a5973f72a9fc4f5
curl_7.60.0-1.debian.tar.xz 27.4 KiB 9df332182666f04e07a676059942c6c4f7c786be84d938bcaf13bdb4e03c9c15

No changes file available.

Binary packages built by this source