Format: 1.8
Date: Wed, 02 Nov 2016 15:17:12 -0400
Source: curl
Binary: curl curl-udeb libcurl3 libcurl3-udeb libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: amd64
Version: 7.35.0-1ubuntu2.10
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 curl - command line tool for transferring data with URL syntax
 curl-udeb - Get a file from an HTTP, HTTPS or FTP server (udeb)
 libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl3-udeb - Multi-protocol file transfer library (OpenSSL) (udeb)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.35.0-1ubuntu2.10) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
     - debian/patches/CVE-2016-7141.patch: refuse previously loaded
       certificate from file in lib/vtls/nss.c.
     - CVE-2016-7141
   * SECURITY UPDATE: curl escape and unescape integer overflows
     - debian/patches/CVE-2016-7167.patch: deny negative string length
       inputs in lib/escape.c.
     - CVE-2016-7167
   * SECURITY UPDATE: cookie injection for other servers
     - debian/patches/CVE-2016-8615.patch: ignore lines that are too long
       in lib/cookie.c.
     - CVE-2016-8615
   * SECURITY UPDATE: case insensitive password comparison
     - debian/patches/CVE-2016-8616.patch: use case sensitive
       user/password comparisons in lib/url.c.
     - CVE-2016-8616
   * SECURITY UPDATE: OOB write via unchecked multiplication
     - debian/patches/CVE-2016-8617.patch: check for integer overflow on
       large input in lib/base64.c.
     - CVE-2016-8617
   * SECURITY UPDATE: double-free in curl_maprintf
     - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
       allocation in lib/mprintf.c.
     - CVE-2016-8618
   * SECURITY UPDATE: double-free in krb5 code
     - debian/patches/CVE-2016-8619.patch: avoid realloc in
       lib/security.c.
     - CVE-2016-8619
   * SECURITY UPDATE: glob parser write/read out of bounds
     - debian/patches/CVE-2016-8620.patch: stay within bounds in
       src/tool_urlglob.c.
     - CVE-2016-8620
   * SECURITY UPDATE: curl_getdate read out of bounds
     - debian/patches/CVE-2016-8621.patch: handle cut off numbers better
       in lib/parsedate.c, added tests to tests/data/test517,
       tests/libtest/lib517.c.
     - CVE-2016-8621
   * SECURITY UPDATE: URL unescape heap overflow via integer truncation
     - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
       lib/dict.c, lib/escape.c, update
       docs/libcurl/curl_easy_unescape.3.
     - CVE-2016-8622
   * SECURITY UPDATE: Use-after-free via shared cookies
     - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
       in lib/cookie.c, lib/cookie.h, lib/http.c.
     - CVE-2016-8623
   * SECURITY UPDATE: invalid URL parsing with #
     - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
       lib/url.c.
     - CVE-2016-8624
Original-Maintainer: Alessandro Ghedini
Package-Type: udeb