curl 7.85.0-1ubuntu0.5 source package in Ubuntu
Changelog
curl (7.85.0-1ubuntu0.5) kinetic-security; urgency=medium
* SECURITY UPDATE: TELNET option IAC injection
- debian/patches/CVE-2023-27533.patch: only accept option arguments in
ascii in lib/telnet.c.
- CVE-2023-27533
* SECURITY UPDATE: SFTP path ~ resolving discrepancy
- debian/patches/CVE-2023-27534-pre1.patch: do not add '/' if homedir
ends with one in lib/curl_path.c.
- debian/patches/CVE-2023-27534.patch: create the new path with dynbuf
in lib/curl_path.c.
- CVE-2023-27534
* SECURITY UPDATE: FTP too eager connection reuse
- debian/patches/CVE-2023-27535-pre1.patch: add and use Curl_timestrcmp
in lib/netrc.c, lib/strcase.c, lib/strcase.h, lib/url.c,
lib/vauth/digest_sspi.c, lib/vtls/vtls.c.
- debian/patches/CVE-2023-27535.patch: add more conditions for
connection reuse in lib/ftp.c, lib/ftp.h, lib/url.c, lib/urldata.h.
- CVE-2023-27535
* SECURITY UPDATE: GSS delegation too eager connection re-use
- debian/patches/CVE-2023-27536.patch: only reuse connections with same
GSS delegation in lib/url.c, lib/urldata.h.
- CVE-2023-27536
* SECURITY UPDATE: SSH connection too eager reuse still
- debian/patches/CVE-2023-27538.patch: fix the SSH connection reuse
check in lib/url.c.
- CVE-2023-27538
-- Marc Deslauriers <email address hidden> Tue, 14 Mar 2023 09:55:46 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Kinetic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| curl_7.85.0.orig.tar.gz | 4.0 MiB | 78a06f918bd5fde3c4573ef4f9806f56372b32ec1829c9ec474799eeee641c27 |
| curl_7.85.0.orig.tar.gz.asc | 488 bytes | 6794e4b59dea9dee2c6373be4e1b1cded5c8a9aea8bbf58c3e97f3adfe8d8474 |
| curl_7.85.0-1ubuntu0.5.debian.tar.xz | 53.2 KiB | f1f53440d7f57cba87a5d1c6cd43555f30e760445adda0b377efd110070c264f |
| curl_7.85.0-1ubuntu0.5.dsc | 3.0 KiB | 457ba5e5ba3202e6f77232563b1de06f9e62b898550382e52c68afc2954feab7 |
Available diffs
Binary packages built by this source
- curl: No summary available for curl in ubuntu kinetic.
No description available for curl in ubuntu kinetic.
- curl-dbgsym: No summary available for curl-dbgsym in ubuntu kinetic.
No description available for curl-dbgsym in ubuntu kinetic.
- libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu kinetic.
No description available for libcurl3-gnutls in ubuntu kinetic.
- libcurl3-gnutls-dbgsym: No summary available for libcurl3-gnutls-dbgsym in ubuntu kinetic.
No description available for libcurl3-
gnutls- dbgsym in ubuntu kinetic.
- libcurl3-nss: No summary available for libcurl3-nss in ubuntu kinetic.
No description available for libcurl3-nss in ubuntu kinetic.
- libcurl3-nss-dbgsym: No summary available for libcurl3-nss-dbgsym in ubuntu kinetic.
No description available for libcurl3-nss-dbgsym in ubuntu kinetic.
- libcurl4: No summary available for libcurl4 in ubuntu kinetic.
No description available for libcurl4 in ubuntu kinetic.
- libcurl4-dbgsym: No summary available for libcurl4-dbgsym in ubuntu kinetic.
No description available for libcurl4-dbgsym in ubuntu kinetic.
- libcurl4-doc: No summary available for libcurl4-doc in ubuntu kinetic.
No description available for libcurl4-doc in ubuntu kinetic.
- libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu kinetic.
No description available for libcurl4-gnutls-dev in ubuntu kinetic.
- libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu kinetic.
No description available for libcurl4-nss-dev in ubuntu kinetic.
- libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu kinetic.
No description available for libcurl4-
openssl- dev in ubuntu kinetic.
