curl 7.22.0-3ubuntu4.17 source package in Ubuntu

Changelog

curl (7.22.0-3ubuntu4.17) precise-security; urgency=medium

  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

 -- Marc Deslauriers <email address hidden>  Thu, 03 Nov 2016 08:03:52 -0400

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Precise
Original maintainer: Ubuntu Developers
Architectures: any
Section: web
Urgency: Medium Urgency

Downloads

File                                    Size      SHA-256 Checksum
curl_7.22.0.orig.tar.gz                 2.8 MiB   8fa54fdb229b5a014f454e67502fcca2516121f4d078e0be19103998a736279c
curl_7.22.0-3ubuntu4.17.debian.tar.gz   59.6 KiB  ff52195fc04f65931a8b43c5dc4f426bf7c2da84b6a44a61a2eb480c31f3ab5c
curl_7.22.0-3ubuntu4.17.dsc             2.7 KiB   a6fcff1bdd2d61f1a9df1e7fcaef22db42b2535ee1a2a734f961522ab6a9460c

Binary packages built by this source

curl: Get a file from an HTTP, HTTPS or FTP server

 curl is a client to get files from servers using any of the supported
 protocols. The command is designed to work without user interaction
 or any kind of interactivity.
 .
 curl offers a busload of useful tricks like proxy support, user
 authentication, FTP upload, HTTP post, file transfer resume and more.

curl-udeb: Get a file from an HTTP, HTTPS or FTP server

 curl is a client to get files from servers using any of the supported
 protocols. The command is designed to work without user interaction
 or any kind of interactivity.
 .
 curl offers a busload of useful tricks like proxy support, user
 authentication, FTP upload, HTTP post, file transfer resume and more.
 .
 This package contains the curl binary for the Debian Installer (udeb).

libcurl3: Multi-protocol file transfer library (OpenSSL)

 libcurl is designed to be a solid, usable, reliable and portable
 multi-protocol file transfer library.
 .
 SSL support is provided by OpenSSL.
 .
 This is the shared version of libcurl.

libcurl3-dbg: libcurl compiled with debug symbols

 This contains the debug symbols of the OpenSSL, GnuTLS and NSS versions
 of libcurl3. It might be useful in debug sessions of software which uses
 libcurl.

libcurl3-gnutls: Multi-protocol file transfer library (GnuTLS)

 libcurl is designed to be a solid, usable, reliable and portable
 multi-protocol file transfer library.
 .
 SSL support is provided by GnuTLS.
 .
 This is the shared version of libcurl.

libcurl3-nss: Multi-protocol file transfer library (NSS)

 libcurl is designed to be a solid, usable, reliable and portable
 multi-protocol file transfer library.
 .
 SSL support is provided by NSS.
 .
 This is the shared version of libcurl.

libcurl3-udeb: Multi-protocol file transfer library (OpenSSL)

 libcurl is designed to be a solid, usable, reliable and portable
 multi-protocol file transfer library.
 .
 SSL support is provided by OpenSSL.
 .
 This package contains the minimal runtime libraries for the Debian Installer
 (udeb).

libcurl4-gnutls-dev: Development files and documentation for libcurl (GnuTLS)

 These files (i.e. includes, static library, manual pages) allow building
 software which uses libcurl.
 .
 SSL support is provided by GnuTLS.
 .
 HTML and PDF versions of all the manual pages are also provided.

libcurl4-nss-dev: Development files and documentation for libcurl (NSS)

 These files (i.e. includes, static library, manual pages) allow building
 software which uses libcurl.
 .
 SSL support is provided by NSS.
 .
 HTML and PDF versions of all the manual pages are also provided.

libcurl4-openssl-dev: Development files and documentation for libcurl (OpenSSL)

 These files (i.e. includes, static library, manual pages) allow building
 software which uses libcurl.
 .
 SSL support is provided by OpenSSL.
 .
 HTML and PDF versions of all the manual pages are also provided.