Format: 1.8 Date: Wed, 02 Nov 2016 13:45:25 -0400 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: s390x Version: 7.50.1-1ubuntu1.1 Distribution: yakkety Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.50.1-1ubuntu1.1) yakkety-security; urgency=medium . * SECURITY UPDATE: Incorrect reuse of client certificates with NSS - debian/patches/CVE-2016-7141.patch: refuse previously loaded certificate from file in lib/vtls/nss.c. - CVE-2016-7141 * SECURITY UPDATE: curl escape and unescape integer overflows - debian/patches/CVE-2016-7167.patch: deny negative string length inputs in lib/escape.c. - CVE-2016-7167 * SECURITY UPDATE: cookie injection for other servers - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in lib/cookie.c. - CVE-2016-8615 * SECURITY UPDATE: case insensitive password comparison - debian/patches/CVE-2016-8616.patch: use case sensitive user/password comparisons in lib/url.c. - CVE-2016-8616 * SECURITY UPDATE: OOB write via unchecked multiplication - debian/patches/CVE-2016-8617.patch: check for integer overflow on large input in lib/base64.c. - CVE-2016-8617 * SECURITY UPDATE: double-free in curl_maprintf - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing allocation in lib/mprintf.c. - CVE-2016-8618 * SECURITY UPDATE: double-free in krb5 code - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c. - CVE-2016-8619 * SECURITY UPDATE: glob parser write/read out of bounds - debian/patches/CVE-2016-8620.patch: stay within bounds in src/tool_urlglob.c. - CVE-2016-8620 * SECURITY UPDATE: curl_getdate read out of bounds - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in lib/parsedate.c, added tests to tests/data/test517, tests/libtest/lib517.c. - CVE-2016-8621 * SECURITY UPDATE: URL unescape heap overflow via integer truncation - debian/patches/CVE-2016-8622.patch: avoid integer overflow in lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3. - CVE-2016-8622 * SECURITY UPDATE: Use-after-free via shared cookies - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies in lib/cookie.c, lib/cookie.h, lib/http.c. - CVE-2016-8623 * SECURITY UPDATE: invalid URL parsing with # - debian/patches/CVE-2016-8624.patch: accept # as end of host name in lib/url.c. - CVE-2016-8624 Checksums-Sha1: 1f565ab13ce7a909492a0be04e85247cde50be81 1084 curl-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb 9a731ae33c20da9d1caa031c846fbc3aadecf4f2 139046 curl_7.50.1-1ubuntu1.1_s390x.deb 2e98d3507c611fc2ed1ce1d7dbd290d09b5964ac 4565664 libcurl3-dbg_7.50.1-1ubuntu1.1_s390x.deb cd39e6052bdeba0a66c3eb9a8f77435137134d4f 1202 libcurl3-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb 2961c2885ae12e19b81bc3e2c3b07f098994621d 1208 libcurl3-gnutls-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb f5a0e78f8b2f4c64abef963d2652745b2b4ace0e 172864 libcurl3-gnutls_7.50.1-1ubuntu1.1_s390x.deb dd8b0d45af077f2d58a84a2f9740fc7cd4cd4ab1 1204 libcurl3-nss-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb 0e285deb4e8502cbe4b6db8717ea26978d0db7ca 179582 libcurl3-nss_7.50.1-1ubuntu1.1_s390x.deb ad6fdf8f8665b05a99dcf19a1b103b8dd8e061ab 175732 libcurl3_7.50.1-1ubuntu1.1_s390x.deb 8fac37b23a148a37dcb864ba4c0858ad3e5d3de2 1290 libcurl4-gnutls-dev-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb 2abcc906deed1f70b77e627eb2c9dfe94bfcfe7a 251962 libcurl4-gnutls-dev_7.50.1-1ubuntu1.1_s390x.deb 2f29bab06e5fce2a199848c0ad9195a78b596577 1284 libcurl4-nss-dev-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb 8addeae51b0eb849c693b9a2e6297ee9eb415e48 258538 libcurl4-nss-dev_7.50.1-1ubuntu1.1_s390x.deb 832615329453cb9c846170bb6c53d70035b792d7 1290 libcurl4-openssl-dev-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb 4259ec2f1c736fcbe0250bfe027726438e38e23a 253472 libcurl4-openssl-dev_7.50.1-1ubuntu1.1_s390x.deb Checksums-Sha256: 00ea3326d6d90b4608eebc99315433606d1df8b2294849affb7d51e90fd812cb 1084 curl-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb b958c2ce94f7704bdd1f891c094220c7cf78dc16d019e9808cc6696fc2783dd2 139046 curl_7.50.1-1ubuntu1.1_s390x.deb 85e60ed104776a326531c54cb0ffd20aae0b910dc90c892107f452df2890dd3c 4565664 libcurl3-dbg_7.50.1-1ubuntu1.1_s390x.deb a44fb705523d923865108ed341b75177f9f36d18b9999a1f8dcbbfd6542cb45c 1202 libcurl3-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb ac2b2fa66f5f9ad17057e3a5ca42b838cfd60aa4aa9cb23d843339f8bb11e4b7 1208 libcurl3-gnutls-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb ffd7d486d635b8b2e2bcc6f7d0c2b1706a2805d2eb400cab49d9a1b043516a76 172864 libcurl3-gnutls_7.50.1-1ubuntu1.1_s390x.deb 072673f2fc06b0cf9933a20a8e2cf92edbcb5bfa0b03357c35dd7d94f1fb2107 1204 libcurl3-nss-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb b0b6f6b51f136c160f8694b476bffa646e30bf4abfe84898bd10b3631699519b 179582 libcurl3-nss_7.50.1-1ubuntu1.1_s390x.deb 7b65a06368eb535b939fbcd1e67da49212afffa7d3b41817bea601cbcbd56e7a 175732 libcurl3_7.50.1-1ubuntu1.1_s390x.deb c0d7f85e63d0b5614de6cc7ee91c27cff4f88f0171ba3fc3095073893f7a7b02 1290 libcurl4-gnutls-dev-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb 8acd89a925afac70c7efcbcf76aca6253206eb38334686547dd405173c65a51b 251962 libcurl4-gnutls-dev_7.50.1-1ubuntu1.1_s390x.deb cc079330086d3ecb1e22637b9ec9ed52dc8fff24e407083ac6d50dc33f695726 1284 libcurl4-nss-dev-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb a9e923f0d413f5ae95b17da3e1ee720147519d3eb9aeae532289125c8f5d39f1 258538 libcurl4-nss-dev_7.50.1-1ubuntu1.1_s390x.deb 882918de8d1af32dc24e18a52485fd3700a6c02c0bfd92d92a8e020ed4f5b161 1290 libcurl4-openssl-dev-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb b6e3695142ddba45680320f54595b0f06a2eb0b32733fbc545a7d5a88ed130c5 253472 libcurl4-openssl-dev_7.50.1-1ubuntu1.1_s390x.deb Files: 435e4fc6188be765325efd0500eac3f0 1084 web extra curl-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb 044d03fb0ff9d2e1c10d62d9430c0189 139046 web optional curl_7.50.1-1ubuntu1.1_s390x.deb 0e657cbcfddbab8dfa73b1f16c518ba0 4565664 debug extra libcurl3-dbg_7.50.1-1ubuntu1.1_s390x.deb 8af5372241ccc3e827e07bf8aa3d7fd9 1202 libs extra libcurl3-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb af4662cec16801aa1659eb1bbaf12c6c 1208 libs extra libcurl3-gnutls-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb 2b33452ae28c25404ab30c6af647daf0 172864 libs optional libcurl3-gnutls_7.50.1-1ubuntu1.1_s390x.deb 8be3e08226adb5acf88b64012f33498c 1204 libs extra libcurl3-nss-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb 697a7d2b32f404e3042063ed49485e06 179582 libs optional libcurl3-nss_7.50.1-1ubuntu1.1_s390x.deb aa5ea9b57f44b7fc55937214eda981d0 175732 libs optional libcurl3_7.50.1-1ubuntu1.1_s390x.deb b0a3d283d86c15180a2ce11eb2625778 1290 libdevel extra libcurl4-gnutls-dev-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb ea1c5961f6fd24a694f5f185411f087f 251962 libdevel optional libcurl4-gnutls-dev_7.50.1-1ubuntu1.1_s390x.deb fe16f8a02100392e3c26d47abfcfdffc 1284 libdevel extra libcurl4-nss-dev-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb ef43ee9a1f077d8576fabbae195db9f2 258538 libdevel optional libcurl4-nss-dev_7.50.1-1ubuntu1.1_s390x.deb 3f625458ce727bbad1608c2d635943a0 1290 libdevel extra libcurl4-openssl-dev-dbgsym_7.50.1-1ubuntu1.1_s390x.ddeb 654b0bbe0e3902d7c1f2eadd70c67610 253472 libdevel optional libcurl4-openssl-dev_7.50.1-1ubuntu1.1_s390x.deb Original-Maintainer: Alessandro Ghedini