-
curl (7.18.0-1ubuntu2.4) hardy-security; urgency=low
* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
- debian/patches/curl-tailmatch.patch: enforce strict subdomain match
when sending cookies. Patch from YAMADA Yasuharu.
- http://curl.haxx.se/curl-tailmatch.patch
- CVE-2013-1944
-- Seth Arnold <email address hidden> Thu, 11 Apr 2013 14:11:37 -0700
-
curl (7.18.0-1ubuntu2.3) hardy-security; urgency=low
* SECURITY UPDATE: libcurl unconditional credential delegation during
GSSAPI authentication vulnerability.
- debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch:
do not delegate credentials when doing GSSAPI authentication
- CVE-2011-2192
* SECURITY UPDATE: libcurl zlib automatic decompression callback
data buffer overflow
- debian/patches/libcurl-contentencoding.patch: restrict amount of
callback data sent to an application
- CVE-2010-0734
* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
- debian/patches/series: adjust patch ordering so that
debian/patches/cert-null-cn gets applied at build time
- CVE-2009-2417
-- Steve Beattie <email address hidden> Wed, 08 Jun 2011 16:51:02 -0700
-
curl (7.18.0-1ubuntu2.2) hardy-security; urgency=low
* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
- add debian/patches/cert-null-cn: backported upstream changes.
- CVE-2009-2417
-- Kees Cook <email address hidden> Thu, 13 Aug 2009 09:12:09 -0700
-
curl (7.18.0-1ubuntu2.1) hardy-security; urgency=low
* SECURITY UPDATE: Local file exposure via redirect
- debian/patches/security-CVE-2009-0037.patch: add logic to
include/curl/curl.h, lib/{easy,url}.c and lib/urldata.h to limit what
protocols curl will automatically follow via a redirect. By default, it
now follows all protocols except FILE and SCP.
- CVE-2009-0037
-- Marc Deslauriers <email address hidden> Thu, 26 Feb 2009 15:22:47 -0500
-
curl (7.18.0-1ubuntu2) hardy; urgency=low
* Use automake-1.9, as used by upstream.
-- Matthias Klose <email address hidden> Fri, 08 Feb 2008 13:24:07 +0000
-
curl (7.18.0-1ubuntu1) hardy; urgency=low
* Merge from Debian; remaining changes:
- Drop the stunnel build dependency.
- Drop the build-dependency on libdb4.5-dev, add build-dependency on
openssh-server.
- Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
curl (7.18.0-1) unstable; urgency=low
* New upstream release.
* Use Homepage field in debian/control.
-- Matthias Klose <email address hidden> Fri, 08 Feb 2008 11:20:41 +0000
-
curl (7.17.1-1ubuntu4) hardy; urgency=low
* No-change rebuild against libldap-2.4-2.
-- Steve Langasek <email address hidden> Tue, 22 Jan 2008 17:17:51 +0000
-
curl (7.17.1-1ubuntu3) hardy; urgency=low
* And drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
-- Steve Kowalik <email address hidden> Fri, 21 Dec 2007 00:55:12 +1100
-
curl (7.17.1-1ubuntu2) hardy; urgency=low
* Drop libssh2-1-dev (universe) from Build-Depends (LP: #175891).
-- Michael Bienia <email address hidden> Wed, 12 Dec 2007 16:27:27 +0100
-
curl (7.17.1-1ubuntu1) hardy; urgency=low
* Merge with Debian; remaining changes:
- Drop the stunnel build dependency.
* Drop the build-dependency on libdb4.5-dev, add build-dependency on
openssh-server.
-- Matthias Klose <email address hidden> Tue, 04 Dec 2007 01:09:30 +0100
-
curl (7.16.4-2ubuntu1) gutsy; urgency=low
* Merge with Debian; remaining changes:
- Drop the stunnel build dependency.
curl (7.16.4-2) unstable; urgency=low
* Fixed regression with FTP sites not requesting PASS (closes: #435771).
-- Matthias Klose <email address hidden> Thu, 09 Aug 2007 09:16:47 +0200
