Format: 1.8
Date: Mon, 29 Oct 2018 08:10:57 -0400
Source: curl
Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc
Architecture: source
Version: 7.58.0-2ubuntu3.5
Distribution: bionic-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.58.0-2ubuntu3.5) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: SASL password overflow via integer overflow
     - debian/patches/CVE-2018-16839-pre.patch: fix integer overflow check
       in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/vauth/cleartext.c.
     - debian/patches/CVE-2018-16839.patch: fix check in
       lib/vauth/cleartext.c.
     - CVE-2018-16839
   * SECURITY UPDATE: warning message out-of-buffer read
     - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
     - CVE number pending
Checksums-Sha1:
 d424c39fec36397fa7d6305a3b58056c7187de4c 2777 curl_7.58.0-2ubuntu3.5.dsc
 7462604c81cfe43f8c11bfb66fed2ade4990be16 37444 curl_7.58.0-2ubuntu3.5.debian.tar.xz
 def95607d892acc19018707b1b1002093ef9fb96 9122 curl_7.58.0-2ubuntu3.5_source.buildinfo
Checksums-Sha256:
 452b48935c1f8188f716ffe6efe1c5fa6213d9a57f92e96c0bd825182836443c 2777 curl_7.58.0-2ubuntu3.5.dsc
 dbce6d663e68afcee5c818fd9302d3059983763bfcc4a3f7edba328b7aacf0bc 37444 curl_7.58.0-2ubuntu3.5.debian.tar.xz
 545a612fe2514ee05e6863c0ea1fe98a2b98cb81473f7ac5be30c63219edeee3 9122 curl_7.58.0-2ubuntu3.5_source.buildinfo
Files:
 781fb433c722d3fc32fdfa9a71c9bc21 2777 web optional curl_7.58.0-2ubuntu3.5.dsc
 e90dcb4842f8e4993662e1ec148831a6 37444 web optional curl_7.58.0-2ubuntu3.5.debian.tar.xz
 e6883917a5d558bf5e0499fed753326c 9122 web optional curl_7.58.0-2ubuntu3.5_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo@debian.org>