Ubuntu
curl package

curl 7.42.1-2ubuntu1 source package in Ubuntu

Changelog

curl (7.42.1-2ubuntu1) wily; urgency=low

  * Merge from Debian (LP: #1459685). Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop stunnel4 and libssh2-1-dev.
      + Drop libssh2-1-dev from binary package Depends.
  * Dropped patches:
    - debian/patches/CVE-2015-3143.patch: upstream
    - debian/patches/CVE-2015-3148.patch: upstream
    - debian/patches/CVE-2015-3144.patch: upstream
    - debian/patches/CVE-2015-3153.patch: upstream
    - debian/patches/CVE-2014-8150.patch: upstream
    - debian/patches/CVE-2015-3145.patch: upstream
  * Dropped the added udeb packages. They were empty since trusty and were
    originally added for LP: #831496, this change is likely not needed any
    more.

curl (7.42.1-2) unstable; urgency=medium

  * Switch curl binary to libcurl3-gnutls (Closes: #342719)
    This is the first step of a possible migration to a GnuTLS-only
    libcurl for Debian. Let's see how it goes.

curl (7.42.1-1) unstable; urgency=high

  * New upstream release
    - Don't send sensitive HTTP server headers to proxies as per
      CVE-2015-3153
      http://curl.haxx.se/docs/adv_20150429.html
  * Drop 08_fix-spelling.patch (merged upstream)
  * Refresh patches

curl (7.42.0-1) unstable; urgency=medium

  * New upstream release
    - Fix re-using authenticated connection when unauthenticated
      as per CVE-2015-3143
      http://curl.haxx.se/docs/adv_20150422A.html
    - Fix host name out of boundary memory access as per CVE-2015-3144
      http://curl.haxx.se/docs/adv_20150422D.html
    - Fix cookie parser out of boundary memory access as per CVE-2015-3145
      http://curl.haxx.se/docs/adv_20150422C.html
    - Fix Negotiate not treated as connection-oriented as per CVE-2015-3148
      http://curl.haxx.se/docs/adv_20150422B.html
    - Disable SSLv3 in the OpenSSL backend when OPENSSL_NO_SSL3_METHOD is
      defined (Closes: #768562)
  * Drop patches merged upstream
  * Refresh patches
  * Bump Standards-Version to 3.9.6 (no changes needed)

curl (7.38.0-4) unstable; urgency=high

  * Fix URL request injection vulnerability as per CVE-2014-8150
    http://curl.haxx.se/docs/adv_20150108B.html
  * Set urgency=high accordingly

 -- Gianfranco Costamagna <email address hidden>  Thu, 28 May 2015 15:53:47 +0200

Upload details

Uploaded by:: Gianfranco Costamagna on 2015-06-08

Sponsored by:: Daniel Holbach

Uploaded to:: Wily

Original maintainer:: Ubuntu Developers

Architectures:: any all

Section:: web

Urgency:: Very Urgent

See full publishing history Publishing

Series	Pocket	Published	Component	Section

Builds

Wily: amd64 arm64 armhf i386 powerpc ppc64el

Downloads

File	Size	SHA-256 Checksum
curl_7.42.1.orig.tar.gz	4.1 MiB	4fc504f4fac56d091162707941d06c72a4222fc6fa48ca8193e44ee74baf079c
curl_7.42.1-2ubuntu1.debian.tar.xz	27.4 KiB	4b8ac9ac3f48b491790ebc88ef95ec926f017475d2d0ccdbcbd67aba4b5d45e9
curl_7.42.1-2ubuntu1.dsc	2.0 KiB	49ebc145105bcd90b1f52d48f9311283c5005facfba99fcd110910934a026924

Available diffs

diff from 7.38.0-3ubuntu3 to 7.42.1-2ubuntu1 (1.1 MiB)

View changes file

Binary packages built by this source

curl: No summary available for curl in ubuntu wily.: No description available for curl in ubuntu wily.

curl-dbgsym: No summary available for curl-dbgsym in ubuntu wily.: No description available for curl-dbgsym in ubuntu wily.

libcurl3: No summary available for libcurl3 in ubuntu wily.: No description available for libcurl3 in ubuntu wily.

libcurl3-dbg: No summary available for libcurl3-dbg in ubuntu wily.: No description available for libcurl3-dbg in ubuntu wily.

libcurl3-dbgsym: No summary available for libcurl3-dbgsym in ubuntu wily.: No description available for libcurl3-dbgsym in ubuntu wily.

libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu wily.: No description available for libcurl3-gnutls in ubuntu wily.

libcurl3-gnutls-dbgsym: No summary available for libcurl3-gnutls-dbgsym in ubuntu wily.: No description available for libcurl3-gnutls-dbgsym in ubuntu wily.

libcurl3-nss: No summary available for libcurl3-nss in ubuntu wily.: No description available for libcurl3-nss in ubuntu wily.

libcurl3-nss-dbgsym: No summary available for libcurl3-nss-dbgsym in ubuntu wily.: No description available for libcurl3-nss-dbgsym in ubuntu wily.

libcurl4-doc: No summary available for libcurl4-doc in ubuntu wily.: No description available for libcurl4-doc in ubuntu wily.

libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu wily.: No description available for libcurl4-gnutls-dev in ubuntu wily.

libcurl4-gnutls-dev-dbgsym: No summary available for libcurl4-gnutls-dev-dbgsym in ubuntu wily.: No description available for libcurl4-gnutls-dev-dbgsym in ubuntu wily.

libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu wily.: No description available for libcurl4-nss-dev in ubuntu wily.

libcurl4-nss-dev-dbgsym: No summary available for libcurl4-nss-dev-dbgsym in ubuntu wily.: No description available for libcurl4-nss-dev-dbgsym in ubuntu wily.

libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu wily.: No description available for libcurl4-openssl-dev in ubuntu wily.

libcurl4-openssl-dev-dbgsym: No summary available for libcurl4-openssl-dev-dbgsym in ubuntu wily.: No description available for libcurl4-openssl-dev-dbgsym in ubuntu wily.

Ubuntucurl package

curl 7.42.1-2ubuntu1 source package in Ubuntu

Changelog

Upload details

See full publishing history Publishing

Builds

Downloads

Available diffs

Binary packages built by this source

Ubuntu
curl package