Copied from
ubuntu xenial in
Private PPA for Ubuntu Security Team
by Alex Murray
Changelog
curl (7.47.0-1ubuntu2.14) xenial-security; urgency=medium
* SECURITY UPDATE: double-free when using kerberos over FTP may cause
denial-of-service
- debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
double-free on large memory allocation failures
- CVE-2019-5481
* SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
cause denial-of-service or remote code-execution
- debian/patches/CVE-2019-5482.patch: ensure to use the correct block
size when calling recvfrom() if the server returns an OACK without
specifying a block size in lib/tftp.c
- CVE-2019-5482
-- Alex Murray <email address hidden> Fri, 06 Sep 2019 15:00:31 +0930