curl (7.38.0-3ubuntu2) vivid; urgency=medium
* SECURITY UPDATE: URL request injection
- debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
lib/url.c, added test to tests/data/Makefile.am, tests/data/test1529,
tests/libtest/Makefile.inc, tests/libtest/lib1529.c.
- CVE-2014-8150
-- Marc Deslauriers <email address hidden> Wed, 14 Jan 2015 07:57:00 -0500