curl 7.37.1-1ubuntu3.4 source package in Ubuntu

Changelog

curl (7.37.1-1ubuntu3.4) utopic-security; urgency=medium

  * SECURITY UPDATE: NTLM connection reuse when unauthenticated
    - debian/patches/CVE-2015-3143.patch: require credentials to match in
      lib/url.c.
    - CVE-2015-3143
  * SECURITY UPDATE: host name out of boundary memory access
    - debian/patches/CVE-2015-3144.patch: check for valid length in
      lib/url.c.
    - CVE-2015-3144
  * SECURITY UPDATE: cookie parser out of boundary memory access
    - debian/patches/CVE-2015-3145.patch: properly handle a single double
      quote in lib/cookie.c.
    - CVE-2015-3145
  * SECURITY UPDATE: negotiate not treated as connection-oriented
    - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
      each exchange and close Negotiate connections when done in
      lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
    - CVE-2015-3148
  * SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
    - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
      docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
      tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
    - CVE-2015-3153

 -- Marc Deslauriers <email address hidden>  Wed, 29 Apr 2015 10:23:26 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2015-04-29
Uploaded to:
Utopic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
curl_7.37.1.orig.tar.gz 3.9 MiB a32492a38c10a097344892f5fd2041e54698cb909696852311b1161e4aa979f3
curl_7.37.1-1ubuntu3.4.debian.tar.xz 36.1 KiB 6aee8c0f05e89492b1c596369d87487ce53f3a2e12f7ca6aaccb04f30e496013
curl_7.37.1-1ubuntu3.4.dsc 2.8 KiB 8347528e39cc7e2f714499eb586370a0781de908c514583b86d9a9d50112d4b4

View changes file

Binary packages built by this source

curl: No summary available for curl in ubuntu utopic.

No description available for curl in ubuntu utopic.

curl-udeb: No summary available for curl-udeb in ubuntu utopic.

No description available for curl-udeb in ubuntu utopic.

libcurl3: No summary available for libcurl3 in ubuntu utopic.

No description available for libcurl3 in ubuntu utopic.

libcurl3-dbg: No summary available for libcurl3-dbg in ubuntu utopic.

No description available for libcurl3-dbg in ubuntu utopic.

libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu utopic.

No description available for libcurl3-gnutls in ubuntu utopic.

libcurl3-nss: No summary available for libcurl3-nss in ubuntu utopic.

No description available for libcurl3-nss in ubuntu utopic.

libcurl3-udeb: No summary available for libcurl3-udeb in ubuntu utopic.

No description available for libcurl3-udeb in ubuntu utopic.

libcurl4-doc: No summary available for libcurl4-doc in ubuntu utopic.

No description available for libcurl4-doc in ubuntu utopic.

libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu utopic.

No description available for libcurl4-gnutls-dev in ubuntu utopic.

libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu utopic.

No description available for libcurl4-nss-dev in ubuntu utopic.

libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu utopic.

No description available for libcurl4-openssl-dev in ubuntu utopic.