Format: 1.8 Date: Mon, 04 Jun 2018 16:27:47 -0700 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: arm64 Version: 7.60.0-2ubuntu1 Distribution: cosmic-proposed Urgency: low Maintainer: Launchpad Build Daemon Changed-By: Steve Langasek Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.60.0-2ubuntu1) cosmic; urgency=low . * Merge from Debian unstable. Remaining changes: - Use an if statement to conditionally disable libssh2 in Ubuntu-only * Dropped changes, included in Debian: - Build-depend on libssl-dev instead of libssl1.0-dev. - Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between openssl 1.0 and openssl 1.1. - debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer claiming compatibility. - debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for non-OpenSSL builds. * Dropped changes, include upstream: - SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write - debian/patches/CVE-2018-1000120.patch: reject path components with control codes in lib/ftp.c, add test to tests/*. - CVE-2018-1000120 - SECURITY UPDATE: LDAP NULL pointer dereference - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber() results for NULL before using in lib/openldap.c. - CVE-2018-1000121 - SECURITY UPDATE: RTSP RTP buffer over-read - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't go beyond buffer end in lib/transfer.c. - CVE-2018-1000122 - SECURITY UPDATE: FTP shutdown response buffer overflow - debian/patches/CVE-2018-1000300.patch: check data size in lib/pingpong.c. - CVE-2018-1000303 - SECURITY UPDATE: RTSP bad headers buffer over-read - debian/patches/CVE-2018-1000301.patch: restore buffer pointer when bad response-line is parsed in lib/http.c. - CVE-2018-1000301 Checksums-Sha1: cbe73a804924a9dffe2911343bb7280a20319978 147500 curl-dbgsym_7.60.0-2ubuntu1_arm64.ddeb 876942234f160b55aadcc2680ce87106ed71c3e4 10887 curl_7.60.0-2ubuntu1_arm64.buildinfo eff2ae1d04af53247b0908feab6b63a8d7850e84 154548 curl_7.60.0-2ubuntu1_arm64.deb 16c0cc5b0e183a7a1d212b0cc0008d28c80a999d 1336920 libcurl3-gnutls-dbgsym_7.60.0-2ubuntu1_arm64.ddeb 2dadca1ada06f473f86833fd3f82db8e4ac5623d 180040 libcurl3-gnutls_7.60.0-2ubuntu1_arm64.deb 05c1c60b45035930567fe7fb0d3eb3e02fb2d3dd 1369456 libcurl3-nss-dbgsym_7.60.0-2ubuntu1_arm64.ddeb f0cee4afabdea5c975c711feeb52b8183db3c736 186292 libcurl3-nss_7.60.0-2ubuntu1_arm64.deb a17018070480833a4c61d10e24182385610ceb2f 1344504 libcurl4-dbgsym_7.60.0-2ubuntu1_arm64.ddeb fa37e2c3e4930bd2cfeccdc87a09351b44886d31 269992 libcurl4-gnutls-dev_7.60.0-2ubuntu1_arm64.deb c1423a7f3b0007521e312ac70393968ef2b1893a 276536 libcurl4-nss-dev_7.60.0-2ubuntu1_arm64.deb 9a793aebc14020411b8be2034104af878d0713cc 271080 libcurl4-openssl-dev_7.60.0-2ubuntu1_arm64.deb edd470a30ddf69f6fe3e146b522b03f019f92d19 181656 libcurl4_7.60.0-2ubuntu1_arm64.deb Checksums-Sha256: ae808043b10cce90986f78bc6c994162732320ebf0ab20bef21bfc30f6ff4dcd 147500 curl-dbgsym_7.60.0-2ubuntu1_arm64.ddeb 0756616841525b27d1fac51df9618ac1f4af900e27db6722170779afbd0390a8 10887 curl_7.60.0-2ubuntu1_arm64.buildinfo 2face5d887e7590c4a54109bd016b0bfa25628353cd2b29e246620818787de5b 154548 curl_7.60.0-2ubuntu1_arm64.deb e05b2b465f2aa7c6c1af9c0aee5aaa7db73f324dc453c08910c38e685b975c6f 1336920 libcurl3-gnutls-dbgsym_7.60.0-2ubuntu1_arm64.ddeb a2f968e2b56e2140909e2626b2ae1b97376e31c325fdccc86f3d0da82783d1c2 180040 libcurl3-gnutls_7.60.0-2ubuntu1_arm64.deb 3ec32f51e72a17278d8dcef64e4d44481106acabf1c383265fe5bfc23f749acc 1369456 libcurl3-nss-dbgsym_7.60.0-2ubuntu1_arm64.ddeb 4fe18aba2c40c20f525e8ebe11f1de868164e22bf7f11cfb023f228d85ae9081 186292 libcurl3-nss_7.60.0-2ubuntu1_arm64.deb 700c6c25994ff378c103233100a1c5bce06e415775b6cff17372745d163f43bb 1344504 libcurl4-dbgsym_7.60.0-2ubuntu1_arm64.ddeb bdda979928fd6d99a85a307331bb410e42cbfa4647620218439860cb65e6b74f 269992 libcurl4-gnutls-dev_7.60.0-2ubuntu1_arm64.deb 1a554d5d27d24a14969de12574ddb56a5abe1810ece8e5f7bb60db48651e1dad 276536 libcurl4-nss-dev_7.60.0-2ubuntu1_arm64.deb 755c27c6823db8d55d4a5efcebfa81b96ff349a88c0adcfe9d1acebe32f54fb2 271080 libcurl4-openssl-dev_7.60.0-2ubuntu1_arm64.deb 5c2cd7f9ae83d64cde16aef7d7eb0a7fb0f05439ae0dcea0e28bcbd1e99bae7e 181656 libcurl4_7.60.0-2ubuntu1_arm64.deb Files: ddef070b272911d96cfee241657b599d 147500 debug optional curl-dbgsym_7.60.0-2ubuntu1_arm64.ddeb bf9162e393e6b462e4d46f0d720ccf4d 10887 web optional curl_7.60.0-2ubuntu1_arm64.buildinfo 993208e352208be90dd78c366e0cd232 154548 web optional curl_7.60.0-2ubuntu1_arm64.deb 27b6f57a88f9e5d9532765c1788dc9c4 1336920 debug optional libcurl3-gnutls-dbgsym_7.60.0-2ubuntu1_arm64.ddeb 0f425afebd1cfc589cf212af8d725ceb 180040 libs optional libcurl3-gnutls_7.60.0-2ubuntu1_arm64.deb 26c9a35a33a935ad71ee762f64d04d8b 1369456 debug optional libcurl3-nss-dbgsym_7.60.0-2ubuntu1_arm64.ddeb 6aedf0e08d0c833ad76478727d9a4f56 186292 libs optional libcurl3-nss_7.60.0-2ubuntu1_arm64.deb adbf6580669b2661a677974dd1f3d5bf 1344504 debug optional libcurl4-dbgsym_7.60.0-2ubuntu1_arm64.ddeb 0431d8ff1ea5255d59eea9f6975a68c8 269992 libdevel optional libcurl4-gnutls-dev_7.60.0-2ubuntu1_arm64.deb c27908782b12aa224fd8044b6e8eee90 276536 libdevel optional libcurl4-nss-dev_7.60.0-2ubuntu1_arm64.deb 96245fa6ba206fe5e48b74de72523a31 271080 libdevel optional libcurl4-openssl-dev_7.60.0-2ubuntu1_arm64.deb 1bec2f0710539028e7aec8454c2ea3c0 181656 libs optional libcurl4_7.60.0-2ubuntu1_arm64.deb Original-Maintainer: Alessandro Ghedini