Format: 1.8
Date: Thu, 03 Nov 2016 14:04:47 -0400
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: arm64
Version: 7.50.1-1ubuntu2
Distribution: zesty-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 curl - command line tool for transferring data with URL syntax
 libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.50.1-1ubuntu2) zesty; urgency=medium
 .
   * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
     - debian/patches/CVE-2016-7141.patch: refuse previously loaded certificate from file in lib/vtls/nss.c.
     - CVE-2016-7141
   * SECURITY UPDATE: curl escape and unescape integer overflows
     - debian/patches/CVE-2016-7167.patch: deny negative string length inputs in lib/escape.c.
     - CVE-2016-7167
   * SECURITY UPDATE: cookie injection for other servers
     - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in lib/cookie.c.
     - CVE-2016-8615
   * SECURITY UPDATE: case insensitive password comparison
     - debian/patches/CVE-2016-8616.patch: use case sensitive user/password comparisons in lib/url.c.
     - CVE-2016-8616
   * SECURITY UPDATE: OOB write via unchecked multiplication
     - debian/patches/CVE-2016-8617.patch: check for integer overflow on large input in lib/base64.c.
     - CVE-2016-8617
   * SECURITY UPDATE: double-free in curl_maprintf
     - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing allocation in lib/mprintf.c.
     - CVE-2016-8618
   * SECURITY UPDATE: double-free in krb5 code
     - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
     - CVE-2016-8619
   * SECURITY UPDATE: glob parser write/read out of bounds
     - debian/patches/CVE-2016-8620.patch: stay within bounds in src/tool_urlglob.c.
     - CVE-2016-8620
   * SECURITY UPDATE: curl_getdate read out of bounds
     - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in lib/parsedate.c, added tests to tests/data/test517, tests/libtest/lib517.c.
     - CVE-2016-8621
   * SECURITY UPDATE: URL unescape heap overflow via integer truncation
     - debian/patches/CVE-2016-8622.patch: avoid integer overflow in lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
     - CVE-2016-8622
   * SECURITY UPDATE: Use-after-free via shared cookies
     - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies in lib/cookie.c, lib/cookie.h, lib/http.c.
     - CVE-2016-8623
   * SECURITY UPDATE: invalid URL parsing with #
     - debian/patches/CVE-2016-8624.patch: accept # as end of host name in lib/url.c.
     - CVE-2016-8624
Original-Maintainer: Alessandro Ghedini