Copied from
ubuntu xenial in
Private PPA for Ubuntu Security Team
by Ubuntu Archive Robot
Changelog
curl (7.47.0-1ubuntu2.1) xenial-security; urgency=medium
* SECURITY UPDATE: TLS session resumption client cert bypass
- debian/patches/CVE-2016-5419.patch: switch off SSL session id when
client cert is used in lib/url.c, lib/urldata.h, lib/vtls/vtls.c.
- CVE-2016-5419
* SECURITY UPDATE: re-using connections with wrong client cert
- debian/patches/CVE-2016-5420.patch: only reuse connections with the
same client cert in lib/vtls/vtls.c.
- CVE-2016-5420
* SECURITY UPDATE: use of connection struct after free
- debian/patches/CVE-2016-5421.patch: clear connection pointer for easy
handles in lib/multi.c.
- CVE-2016-5421
-- Marc Deslauriers <email address hidden> Fri, 05 Aug 2016 11:17:47 -0400