curl 7.68.0-1ubuntu4.2 source package in Ubuntu

Changelog

curl (7.68.0-1ubuntu4.2) groovy-security; urgency=medium

  * SECURITY UPDATE: wrong connect-only connection
    - debian/patches/CVE-2020-8231.patch: remember last connection by id,
      not by pointer in lib/connect.c, lib/easy.c, lib/multi.c, lib/url.c,
      lib/urldata.h.
    - CVE-2020-8231
  * SECURITY UPDATE: FTP redirect to malicious host via PASV response
    - debian/patches/CVE-2020-8284.patch: use CURLOPT_FTP_SKIP_PASV_IP by
      default in lib/url.c, src/tool_cfgable.c, docs/*, tests/data/*.
    - CVE-2020-8284
  * SECURITY UPDATE: FTP wildcard stack buffer overflow in libcurl
    - debian/patches/CVE-2020-8285.patch: make wc_statemach loop instead of
      recurse in lib/ftp.c.
    - CVE-2020-8285
  * SECURITY UPDATE: Inferior OCSP verification
    - debian/patches/CVE-2020-8286.patch: make the OCSP verification verify
      the certificate id in lib/vtls/openssl.c.
    - CVE-2020-8286

 -- Marc Deslauriers <email address hidden>  Mon, 30 Nov 2020 10:49:53 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Groovy
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
curl_7.68.0.orig.tar.gz 3.9 MiB 1dd7604e418b0b9a9077f62f763f6684c1b092a7bc17e3f354b8ad5c964d7358
curl_7.68.0-1ubuntu4.2.debian.tar.xz 37.7 KiB e905483d4ca0d0da09f646436dcdc5819f15fa32cc9d819a0fd8de9c52180df2
curl_7.68.0-1ubuntu4.2.dsc 2.7 KiB 8081042a9fa0507e010cf0342deeeeeecb992e1e2f118488eaabc5e54ac2f64c

View changes file

Binary packages built by this source

curl: No summary available for curl in ubuntu groovy.

No description available for curl in ubuntu groovy.

curl-dbgsym: No summary available for curl-dbgsym in ubuntu groovy.

No description available for curl-dbgsym in ubuntu groovy.

libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu groovy.

No description available for libcurl3-gnutls in ubuntu groovy.

libcurl3-gnutls-dbgsym: No summary available for libcurl3-gnutls-dbgsym in ubuntu groovy.

No description available for libcurl3-gnutls-dbgsym in ubuntu groovy.

libcurl3-nss: No summary available for libcurl3-nss in ubuntu groovy.

No description available for libcurl3-nss in ubuntu groovy.

libcurl3-nss-dbgsym: No summary available for libcurl3-nss-dbgsym in ubuntu groovy.

No description available for libcurl3-nss-dbgsym in ubuntu groovy.

libcurl4: No summary available for libcurl4 in ubuntu groovy.

No description available for libcurl4 in ubuntu groovy.

libcurl4-dbgsym: No summary available for libcurl4-dbgsym in ubuntu groovy.

No description available for libcurl4-dbgsym in ubuntu groovy.

libcurl4-doc: No summary available for libcurl4-doc in ubuntu groovy.

No description available for libcurl4-doc in ubuntu groovy.

libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu groovy.

No description available for libcurl4-gnutls-dev in ubuntu groovy.

libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu groovy.

No description available for libcurl4-nss-dev in ubuntu groovy.

libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu groovy.

No description available for libcurl4-openssl-dev in ubuntu groovy.