-
curl (7.18.2-8ubuntu4.1) jaunty-security; urgency=low
* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
- add debian/patches/cert-null-cn.patch: backported upstream changes.
- CVE-2009-2417
-- Kees Cook <email address hidden> Thu, 13 Aug 2009 09:08:28 -0700
-
curl (7.18.2-8ubuntu4) jaunty; urgency=low
* SECURITY UPDATE: add fix for CVE-2009-0037 back in
- debian/patches/security_CVE-2009-0037.patch: updated patch to add missing
section to lib/easy.c
- CVE-2009-0037
-- Marc Deslauriers <email address hidden> Tue, 03 Mar 2009 19:58:20 -0500
-
curl (7.18.2-8ubuntu3) jaunty; urgency=low
* Revert last patch due to https regression (LP: #337501)
-- Jamie Strandboge <email address hidden> Tue, 03 Mar 2009 17:57:35 -0600
-
curl (7.18.2-8ubuntu2) jaunty; urgency=low
* SECURITY UPDATE: Local file exposure via redirect
- debian/patches/security_CVE-2009-0037.patch: add logic to lib/url.c and
lib/urldata.h to limit what protocols curl will automatically follow via a
redirect. By default, it now follows all protocols except FILE and SCP.
- CVE-2009-0037
-- Marc Deslauriers <email address hidden> Tue, 03 Mar 2009 16:27:30 -0500
-
curl (7.18.2-8ubuntu1) jaunty; urgency=low
* Merge from debian unstable, remaining changes: LP: #314279
- Drop the stunnel build dependency.
- Drop the build-dependency on libdb4.5-dev
- Add build-dependency on openssh-server
- Call automake-1.9 with --add-missing --copy --force.
- Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
curl (7.18.2-8) unstable; urgency=low
* Fix "Please add support for ldap/ldaps protocols"
by changing the linker option for liblber (Closes: #506096)
-- Bhavani Shankar <email address hidden> Tue, 06 Jan 2009 12:16:22 +0530
-
curl (7.18.2-7ubuntu2) jaunty; urgency=low
* drop change:
- "Added Recommends: on ca-certificate for curl package", libcurl3
has a depends on ca-certificates already
-- Michael Vogt <email address hidden> Mon, 10 Nov 2008 13:08:07 +0100
-
curl (7.18.2-7ubuntu1) jaunty; urgency=low
* Merge from debian unstable, remaining changes:
- Drop the stunnel build dependency.
- Drop the build-dependency on libdb4.5-dev
- Add build-dependency on openssh-server
- Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
- Call automake-1.9 with --add-missing --copy --force
- Added Recommends: on ca-certificate for curl package
curl (7.18.2-7) unstable; urgency=low
* disable c-ares support again, no fix yet, just get stuff working again.
curl (7.18.2-6) unstable; urgency=low
* enable c-ares support, with ipv6 support
curl (7.18.2-5) unstable; urgency=low
* /usr/lib/pkgconfig/libcurl.pc: "pkg-config --libs libcurl" returns
"-Wl, -z, defs" (Closes: #488701), closing same bug again for
curl-config --libs command
curl (7.18.2-4) unstable; urgency=medium
* /usr/lib/pkgconfig/libcurl.pc: "pkg-config --libs libcurl" returns
"-Wl, -z, defs" (Closes: #488701)
curl (7.18.2-3) unstable; urgency=low
* removing c-ares from the dependencies
curl (7.18.2-2) unstable; urgency=medium
* blanking the "dependency_libs" line in lib*.la file to keep all the listed libs
from being linked to other libs linking to curl.
* fixing miss-linking problem by specifying liblber as a configure argument
* disabling c-ares again for stability reasons
* correcting libgssapi linking in configure.ac (patch no_com_err)
-- Michael Vogt <email address hidden> Mon, 10 Nov 2008 12:55:54 +0100
-
curl (7.18.2-1ubuntu4) intrepid; urgency=low
* Added Recommends: on ca-certificate for curl package (LP: #152781).
-- Nick Ellery <email address hidden> Fri, 10 Oct 2008 23:32:54 -0700