curl 7.37.1-1ubuntu3.4 source package in Ubuntu
Changelog
curl (7.37.1-1ubuntu3.4) utopic-security; urgency=medium
* SECURITY UPDATE: NTLM connection reuse when unauthenticated
- debian/patches/CVE-2015-3143.patch: require credentials to match in
lib/url.c.
- CVE-2015-3143
* SECURITY UPDATE: host name out of boundary memory access
- debian/patches/CVE-2015-3144.patch: check for valid length in
lib/url.c.
- CVE-2015-3144
* SECURITY UPDATE: cookie parser out of boundary memory access
- debian/patches/CVE-2015-3145.patch: properly handle a single double
quote in lib/cookie.c.
- CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
- debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
each exchange and close Negotiate connections when done in
lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
- CVE-2015-3148
* SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
- debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
- CVE-2015-3153
-- Marc Deslauriers <email address hidden> Wed, 29 Apr 2015 10:23:26 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Utopic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| curl_7.37.1.orig.tar.gz | 3.9 MiB | a32492a38c10a097344892f5fd2041e54698cb909696852311b1161e4aa979f3 |
| curl_7.37.1-1ubuntu3.4.debian.tar.xz | 36.1 KiB | 6aee8c0f05e89492b1c596369d87487ce53f3a2e12f7ca6aaccb04f30e496013 |
| curl_7.37.1-1ubuntu3.4.dsc | 2.8 KiB | 8347528e39cc7e2f714499eb586370a0781de908c514583b86d9a9d50112d4b4 |
Available diffs
Binary packages built by this source
- curl: No summary available for curl in ubuntu utopic.
No description available for curl in ubuntu utopic.
- curl-udeb: No summary available for curl-udeb in ubuntu utopic.
No description available for curl-udeb in ubuntu utopic.
- libcurl3: No summary available for libcurl3 in ubuntu utopic.
No description available for libcurl3 in ubuntu utopic.
- libcurl3-dbg: No summary available for libcurl3-dbg in ubuntu utopic.
No description available for libcurl3-dbg in ubuntu utopic.
- libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu utopic.
No description available for libcurl3-gnutls in ubuntu utopic.
- libcurl3-nss: No summary available for libcurl3-nss in ubuntu utopic.
No description available for libcurl3-nss in ubuntu utopic.
- libcurl3-udeb: No summary available for libcurl3-udeb in ubuntu utopic.
No description available for libcurl3-udeb in ubuntu utopic.
- libcurl4-doc: No summary available for libcurl4-doc in ubuntu utopic.
No description available for libcurl4-doc in ubuntu utopic.
- libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu utopic.
No description available for libcurl4-gnutls-dev in ubuntu utopic.
- libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu utopic.
No description available for libcurl4-nss-dev in ubuntu utopic.
- libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu utopic.
No description available for libcurl4-
openssl- dev in ubuntu utopic.
