Format: 1.8
Date: Tue, 14 Mar 2023 12:37:02 -0400
Source: curl
Built-For-Profiles: noudeb
Architecture: source
Version: 7.81.0-1ubuntu1.10
Distribution: jammy-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Changes:
 curl (7.81.0-1ubuntu1.10) jammy-security; urgency=medium
 .
   * SECURITY UPDATE: TELNET option IAC injection
     - debian/patches/CVE-2023-27533.patch: only accept option arguments in
       ascii in lib/telnet.c.
     - CVE-2023-27533
   * SECURITY UPDATE: SFTP path ~ resolving discrepancy
     - debian/patches/CVE-2023-27534-pre1.patch: do not add '/' if homedir
       ends with one in lib/curl_path.c.
     - debian/patches/CVE-2023-27534.patch: create the new path with dynbuf
       in lib/curl_path.c.
     - CVE-2023-27534
   * SECURITY UPDATE: FTP too eager connection reuse
     - debian/patches/CVE-2023-27535-pre1.patch: add and use Curl_timestrcmp
       in lib/netrc.c, lib/strcase.c, lib/strcase.h, lib/url.c,
       lib/vauth/digest_sspi.c, lib/vtls/vtls.c.
     - debian/patches/CVE-2023-27535.patch: add more conditions for
       connection reuse in lib/ftp.c, lib/ftp.h, lib/url.c, lib/urldata.h.
     - CVE-2023-27535
   * SECURITY UPDATE: GSS delegation too eager connection re-use
     - debian/patches/CVE-2023-27536.patch: only reuse connections with same
       GSS delegation in lib/url.c, lib/urldata.h.
     - CVE-2023-27536
   * SECURITY UPDATE: SSH connection too eager reuse still
     - debian/patches/CVE-2023-27538.patch: fix the SSH connection reuse
       check in lib/url.c.
     - CVE-2023-27538
Checksums-Sha1:
 dd82ec1befdde1e8ea4ee703c43ff960d8a8489f 3143 curl_7.81.0-1ubuntu1.10.dsc
 e08a0e3e2e60c3b96f710c03af6152b34a4fad5c 65220 curl_7.81.0-1ubuntu1.10.debian.tar.xz
 801473ad4753d2eca313521604034b0844c841ba 10841 curl_7.81.0-1ubuntu1.10_source.buildinfo
Checksums-Sha256:
 6348d6aa010bf35bef82e8d256fa283161c9e39719742f4d1a48477c6aeab2b5 3143 curl_7.81.0-1ubuntu1.10.dsc
 abbbe28d0bd7b182a10f34df5765220dd13efd8ddd7bfec1e0d9b818f8b570bd 65220 curl_7.81.0-1ubuntu1.10.debian.tar.xz
 717e3ad052221b63c5cdb5f25eac3675a2064164da5545b767d0ddb7da7c9b8b 10841 curl_7.81.0-1ubuntu1.10_source.buildinfo
Files:
 3b7247f94ca6ee4eb2fd4d19c30817e0 3143 web optional curl_7.81.0-1ubuntu1.10.dsc
 3cf4317bcf75604e576e926783f92cfd 65220 web optional curl_7.81.0-1ubuntu1.10.debian.tar.xz
 59a91bad3a5da9c5c60ab819efd7aed0 10841 web optional curl_7.81.0-1ubuntu1.10_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo@debian.org>