curl 7.50.1-1ubuntu1.1 source package in Ubuntu

Changelog

curl (7.50.1-1ubuntu1.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

 -- Marc Deslauriers <email address hidden>  Wed, 02 Nov 2016 13:45:25 -0400

Upload details

Uploaded by: Marc Deslauriers on 2016-11-02
Uploaded to: Yakkety
Original maintainer: Ubuntu Developers
Architectures: any all
Section: web
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
curl_7.50.1.orig.tar.gz 8.5 MiB 3e392cf600822b817be82d9080b377fcbab70538d5a8bf525a1cd66e157b99ea
curl_7.50.1-1ubuntu1.1.debian.tar.xz 37.6 KiB 41ba4601b821ae9c38816a54086a60ec9925b7792b857f841c1b4e97dbccec9f
curl_7.50.1-1ubuntu1.1.dsc 2.7 KiB 886fbbfb9aae0997de5c49c66f739fd4cf22adbdb716b4e36a1e94c908661422

Binary packages built by this source

curl
curl-dbgsym
libcurl3
libcurl3-dbg
libcurl3-dbgsym
libcurl3-gnutls
libcurl3-gnutls-dbgsym
libcurl3-nss
libcurl3-nss-dbgsym
libcurl4-doc
libcurl4-gnutls-dev
libcurl4-gnutls-dev-dbgsym
libcurl4-nss-dev
libcurl4-nss-dev-dbgsym
libcurl4-openssl-dev
libcurl4-openssl-dev-dbgsym