curl 7.68.0-1ubuntu4.2 source package in Ubuntu
Changelog
curl (7.68.0-1ubuntu4.2) groovy-security; urgency=medium
* SECURITY UPDATE: wrong connect-only connection
- debian/patches/CVE-2020-8231.patch: remember last connection by id,
not by pointer in lib/connect.c, lib/easy.c, lib/multi.c, lib/url.c,
lib/urldata.h.
- CVE-2020-8231
* SECURITY UPDATE: FTP redirect to malicious host via PASV response
- debian/patches/CVE-2020-8284.patch: use CURLOPT_FTP_SKIP_PASV_IP by
default in lib/url.c, src/tool_cfgable.c, docs/*, tests/data/*.
- CVE-2020-8284
* SECURITY UPDATE: FTP wildcard stack buffer overflow in libcurl
- debian/patches/CVE-2020-8285.patch: make wc_statemach loop instead of
recurse in lib/ftp.c.
- CVE-2020-8285
* SECURITY UPDATE: Inferior OCSP verification
- debian/patches/CVE-2020-8286.patch: make the OCSP verification verify
the certificate id in lib/vtls/openssl.c.
- CVE-2020-8286
-- Marc Deslauriers <email address hidden> Mon, 30 Nov 2020 10:49:53 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Groovy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| curl_7.68.0.orig.tar.gz | 3.9 MiB | 1dd7604e418b0b9a9077f62f763f6684c1b092a7bc17e3f354b8ad5c964d7358 |
| curl_7.68.0-1ubuntu4.2.debian.tar.xz | 37.7 KiB | e905483d4ca0d0da09f646436dcdc5819f15fa32cc9d819a0fd8de9c52180df2 |
| curl_7.68.0-1ubuntu4.2.dsc | 2.7 KiB | 8081042a9fa0507e010cf0342deeeeeecb992e1e2f118488eaabc5e54ac2f64c |
Available diffs
Binary packages built by this source
- curl: No summary available for curl in ubuntu groovy.
No description available for curl in ubuntu groovy.
- curl-dbgsym: No summary available for curl-dbgsym in ubuntu groovy.
No description available for curl-dbgsym in ubuntu groovy.
- libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu groovy.
No description available for libcurl3-gnutls in ubuntu groovy.
- libcurl3-gnutls-dbgsym: No summary available for libcurl3-gnutls-dbgsym in ubuntu groovy.
No description available for libcurl3-
gnutls- dbgsym in ubuntu groovy.
- libcurl3-nss: No summary available for libcurl3-nss in ubuntu groovy.
No description available for libcurl3-nss in ubuntu groovy.
- libcurl3-nss-dbgsym: No summary available for libcurl3-nss-dbgsym in ubuntu groovy.
No description available for libcurl3-nss-dbgsym in ubuntu groovy.
- libcurl4: No summary available for libcurl4 in ubuntu groovy.
No description available for libcurl4 in ubuntu groovy.
- libcurl4-dbgsym: No summary available for libcurl4-dbgsym in ubuntu groovy.
No description available for libcurl4-dbgsym in ubuntu groovy.
- libcurl4-doc: No summary available for libcurl4-doc in ubuntu groovy.
No description available for libcurl4-doc in ubuntu groovy.
- libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu groovy.
No description available for libcurl4-gnutls-dev in ubuntu groovy.
- libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu groovy.
No description available for libcurl4-nss-dev in ubuntu groovy.
- libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu groovy.
No description available for libcurl4-
openssl- dev in ubuntu groovy.
