Debian
curl package

curl 7.64.0-4+deb10u2 source package in Debian

Changelog

curl (7.64.0-4+deb10u2) buster-security; urgency=high

  * Fix partial password leak over DNS on HTTP redirect as per CVE-2020-8169
    (Closes: #965280)
    https://curl.haxx.se/docs/CVE-2020-8169.html
  * Fix local file overwrite as per CVE-2020-8177 (Closes: #965281)
    https://curl.se/docs/CVE-2020-8177.html
  * Fix use of wrong connect-only connection as per CVE-2020-8231
    (Closes: #968831)
    https://curl.se/docs/CVE-2020-8231.html
  * Don't trust FTP PASV responses by default as per CVE-2020-8284
    (Closes: #977163)
  * Fix FTP wildcard stack overflow as per CVE-2020-8285 (Closes: #977162)
    https://curl.se/docs/CVE-2020-8285.html
  * Make the OCSP verification verify the certificate id as per CVE-2020-8286
    (Closes: #977161)
    https://curl.se/docs/CVE-2020-8286.html
  * Fix credentials leak with automatic referer as per CVE-2021-22876
    https://curl.se/docs/CVE-2021-22876.html
  * Fix TLS 1.3 session ticket proxy host mixup as per CVE-2021-22890
    https://curl.se/docs/CVE-2021-22890.html

 -- Alessandro Ghedini <email address hidden>  Tue, 30 Mar 2021 21:56:00 +0100

Upload details

Uploaded by:
Alessandro Ghedini
Uploaded to:
Buster
Original maintainer:
Alessandro Ghedini
Architectures:
any all
Section:
libs
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Buster release main libs

Builds

Downloads

File Size SHA-256 Checksum
curl_7.64.0-4+deb10u2.dsc 2.7 KiB 3cc585f4c22c0c001527f5f26f5a6154a86d1df9752aa118bf7d8e892ec4fac2
curl_7.64.0.orig.tar.gz 3.8 MiB cb90d2eb74d4e358c1ed1489f8e3af96b50ea4374ad71f143fa4595e998d81b5
curl_7.64.0-4+deb10u2.debian.tar.xz 42.6 KiB 6b7f793e0cd41e2ccb49301ad4e58c83282f46be7c9415c9280164834efd0e52

No changes file available.

Binary packages built by this source