Format: 1.8 Date: Wed, 04 Oct 2017 08:38:54 -0400 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: arm64 Version: 7.52.1-4ubuntu1.2 Distribution: zesty Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.52.1-4ubuntu1.2) zesty-security; urgency=medium . * SECURITY UPDATE: TFTP sends more than buffer size - debian/patches/CVE-2017-1000100.patch: reject file name lengths that don't fit in lib/tftp.c. - CVE-2017-1000100 * SECURITY UPDATE: URL globbing out of bounds read - debian/patches/CVE-2017-1000101.patch: do not continue parsing after a strtoul() overflow range in src/tool_urlglob.c, added test to tests/data/Makefile.inc, tests/data/test1289. - CVE-2017-1000101 * SECURITY UPDATE: FTP PWD response parser out of bounds read - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path even on bad input in lib/ftp.c, added test to tests/data/Makefile.inc, tests/data/test1152. - CVE-2017-1000254 * SECURITY UPDATE: --write-out out of buffer read - debian/patches/CVE-2017-7407-2.patch: check for end of input in src/tool_writeout.c added test to tests/data/Makefile.inc, tests/data/test1442. - CVE-2017-7407 Checksums-Sha1: 669ccd29dcd4b87d9f2c1bb8cece89bc357a9ba2 1092 curl-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb be91eaae6cf3db072c58aabdf2a20d32781fe5ff 140724 curl_7.52.1-4ubuntu1.2_arm64.deb 5f55a052b6d52a59fe06932fb4fd587b91ea4c20 4517664 libcurl3-dbg_7.52.1-4ubuntu1.2_arm64.deb 80967cda2cb89c5a654a67f63412a59eca1bd6c6 1208 libcurl3-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb 6c95454564693f0c47788df12b6693aab9662235 1212 libcurl3-gnutls-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb 76bb4710432a71a6957a9afe8cf3e56c189a54de 159874 libcurl3-gnutls_7.52.1-4ubuntu1.2_arm64.deb 3111b600ee53a6266559c51040c87723ac4531ca 1212 libcurl3-nss-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb 029d72e62fc6ed2d991d09f024609fd771757ee1 164724 libcurl3-nss_7.52.1-4ubuntu1.2_arm64.deb e578625721ddb5f4146e305ab76bc36826993255 160972 libcurl3_7.52.1-4ubuntu1.2_arm64.deb 14fa54bf0c378f24fdcc5d16da13a605d118f82d 1298 libcurl4-gnutls-dev-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb 791e7d5ff6d8fa49020696aa74a697eac3f6b99f 242076 libcurl4-gnutls-dev_7.52.1-4ubuntu1.2_arm64.deb e88a8e7aa0240d5cd05298afff153b4880040fdd 1292 libcurl4-nss-dev-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb 9cccde83445be272f5a4490b7f1157866d0d662c 247516 libcurl4-nss-dev_7.52.1-4ubuntu1.2_arm64.deb 92a22ffe2fe775856a95e3bd52965e080cc872e2 1296 libcurl4-openssl-dev-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb a9e059b5d1356cb578e39a97305cbf5f8ed096c7 243256 libcurl4-openssl-dev_7.52.1-4ubuntu1.2_arm64.deb Checksums-Sha256: 136b76245475ca545e212dadfdd013564a5ee49d683c4ac552370aeea8aa1dc6 1092 curl-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb 824f3119a24f137540cfff74c6df40008479c88f41460988731bd1d09f4ea2dd 140724 curl_7.52.1-4ubuntu1.2_arm64.deb b8ecdfc427d42977ed5a1286a0675a731dcb769cc767a4f6c6921ab085c51808 4517664 libcurl3-dbg_7.52.1-4ubuntu1.2_arm64.deb a52cbd586395707f26d7cb8f0515a1c04c34348f959e7bedac94d1349bbd41a4 1208 libcurl3-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb 26b2f7ae93f36ed709b8f38a587f2d9cac7c0b71228d9bbc6e69ed3ddb92f0c0 1212 libcurl3-gnutls-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb 6d057c0bf70983f573ed58f298c2018ac7ab404db2cc28e2aea721deaf12d168 159874 libcurl3-gnutls_7.52.1-4ubuntu1.2_arm64.deb 07a944085c52993d37a8d3176bdbbf97dff98bd75c24b4e74dc22aa52fb252bb 1212 libcurl3-nss-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb 9e594bb567095f588bf7ffea07a8ce006e80a83030e54f2a8880ec15a83dcd72 164724 libcurl3-nss_7.52.1-4ubuntu1.2_arm64.deb 38277f3d0cc1a5cc71aefba428312335af0e4df6d12f01b3774b5080bb371694 160972 libcurl3_7.52.1-4ubuntu1.2_arm64.deb b77464a2b3174b1ae99fe55901eef87d3e4927d08d65a2e60c21d616d65b75a5 1298 libcurl4-gnutls-dev-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb f607ed37cb3ab7e39513161a53fb1929bfcaf15641500b8c071e5ffe7e0c2d12 242076 libcurl4-gnutls-dev_7.52.1-4ubuntu1.2_arm64.deb 77de5bf31226457f0a33e0e118913f982b9091d7e4dbce9d4c65607bb3d1c52b 1292 libcurl4-nss-dev-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb 76d4d05981e6d2a0dd8f40c2ccbc4430daee52cafbca371688618359f576bed2 247516 libcurl4-nss-dev_7.52.1-4ubuntu1.2_arm64.deb 09c4eaaefdf136f967eefb3ac21f653800fcd58432c50793634ce77c79974b31 1296 libcurl4-openssl-dev-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb b796977dce0b1f426e73d3fbd09801ebb6ceb576ff1f29d89019e2c59875560d 243256 libcurl4-openssl-dev_7.52.1-4ubuntu1.2_arm64.deb Files: 1a31c07e1df9ba02d853f0d433d2d2a8 1092 web extra curl-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb b5a004a83f29a789a62f314cba4f99b5 140724 web optional curl_7.52.1-4ubuntu1.2_arm64.deb 8f9ab17fdcedd4963c22b3832940c24f 4517664 debug extra libcurl3-dbg_7.52.1-4ubuntu1.2_arm64.deb 8bdde1385bfd137bd43ca005d00dd334 1208 libs extra libcurl3-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb 8bc3b7d9357f62dcaa00580947384438 1212 libs extra libcurl3-gnutls-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb e922aacf0c6035c29ec3ef9305ee727a 159874 libs optional libcurl3-gnutls_7.52.1-4ubuntu1.2_arm64.deb 46834b5c38652a344ec23438088b4afa 1212 libs extra libcurl3-nss-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb 43efe53cc1f0bdc5f6b4998852f1e030 164724 libs optional libcurl3-nss_7.52.1-4ubuntu1.2_arm64.deb 2a59c44b6eae46904f36a2c95fa3946a 160972 libs optional libcurl3_7.52.1-4ubuntu1.2_arm64.deb a17e79c1a1d20b6390428737d452fa21 1298 libdevel extra libcurl4-gnutls-dev-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb 754e6a0e871ab0130497ca7132295f8a 242076 libdevel optional libcurl4-gnutls-dev_7.52.1-4ubuntu1.2_arm64.deb b8375541f7221a3769b2fd53bb80990e 1292 libdevel extra libcurl4-nss-dev-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb e7ed71e48ab25467a7ff3ce751e146b9 247516 libdevel optional libcurl4-nss-dev_7.52.1-4ubuntu1.2_arm64.deb d8594db08c0a853b4832e0edcda570c9 1296 libdevel extra libcurl4-openssl-dev-dbgsym_7.52.1-4ubuntu1.2_arm64.ddeb c21a1a25e4134bfe2618eba292b63e54 243256 libdevel optional libcurl4-openssl-dev_7.52.1-4ubuntu1.2_arm64.deb Original-Maintainer: Alessandro Ghedini