Format: 1.8 Date: Wed, 04 Oct 2017 09:02:01 -0400 Source: curl Binary: curl curl-udeb libcurl3 libcurl3-udeb libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: amd64 Version: 7.35.0-1ubuntu2.11 Distribution: trusty Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax curl-udeb - Get a file from an HTTP, HTTPS or FTP server (udeb) libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl3-udeb - Multi-protocol file transfer library (OpenSSL) (udeb) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.35.0-1ubuntu2.11) trusty-security; urgency=medium . * SECURITY UPDATE: printf floating point buffer overflow - debian/patches/CVE-2016-9586.patch: fix floating point buffer overflow issues in lib/mprintf.c, added test to tests/data/test557, tests/libtest/lib557.c. - CVE-2016-9586 * SECURITY UPDATE: TFTP sends more than buffer size - debian/patches/CVE-2017-1000100.patch: reject file name lengths that don't fit in lib/tftp.c. - CVE-2017-1000100 * SECURITY UPDATE: URL globbing out of bounds read - debian/patches/CVE-2017-1000101.patch: do not continue parsing after a strtoul() overflow range in src/tool_urlglob.c, added test to tests/data/Makefile.am, tests/data/test1289. - CVE-2017-1000101 * SECURITY UPDATE: FTP PWD response parser out of bounds read - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path even on bad input in lib/ftp.c, added test to tests/data/Makefile.am, tests/data/test1152. - CVE-2017-1000254 * SECURITY UPDATE: --write-out out of buffer read - debian/patches/CVE-2017-7407-1.patch: fix a buffer read overrun in src/tool_writeout.c added test to tests/data/Makefile.am, tests/data/test1440, tests/data/test1441. - debian/patches/CVE-2017-7407-2.patch: check for end of input in src/tool_writeout.c added test to tests/data/Makefile.am, tests/data/test1442. - CVE-2017-7407 Checksums-Sha1: df651abed5be573c09223097047570087ca07f36 123100 curl_7.35.0-1ubuntu2.11_amd64.deb 68bf94da63db5dcd8288b936d548eb09db5e415b 956 curl-udeb_7.35.0-1ubuntu2.11_amd64.udeb 9e15505fbe83d53aa7775b0bd4a03cf9d03741c3 173878 libcurl3_7.35.0-1ubuntu2.11_amd64.deb c0ce29ebce7cf2bb8c6b9baa8c9ea133bc3cde76 840 libcurl3-udeb_7.35.0-1ubuntu2.11_amd64.udeb bb45c3f2ceb61a97830e0f51e044e8b6ecf65644 166356 libcurl3-gnutls_7.35.0-1ubuntu2.11_amd64.deb 235d51e807fdefdcc3e09609f13c349da584298c 177130 libcurl3-nss_7.35.0-1ubuntu2.11_amd64.deb a72d280c73885a9b97d58a81cfef15aff801000c 245026 libcurl4-openssl-dev_7.35.0-1ubuntu2.11_amd64.deb 84e72dbf5ee101171f684143bc974e79a1a91ad9 236922 libcurl4-gnutls-dev_7.35.0-1ubuntu2.11_amd64.deb faa15037ac95806fb9633f99a19eaa4bd80497c4 249162 libcurl4-nss-dev_7.35.0-1ubuntu2.11_amd64.deb 53a323d2e5b2a5e02fb7a79b46af4fe8d4bcc536 3218704 libcurl3-dbg_7.35.0-1ubuntu2.11_amd64.deb d98680be5da49e79f947594b139a561aa97a5b1c 1086 curl-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 580092959a2d2a8f59b915594e9a1441b200ee63 986 curl-udeb-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 28aeef65b94c2ef856118200a4e9056807eddd6f 1204 libcurl3-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 51868806da64d5f6a063a1792b29407a80fbfdbd 902 libcurl3-udeb-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb c1e0b47497e70c99c0955d776c9bbbc624f05584 1204 libcurl3-gnutls-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 6e9a41f68b8390e49beb1d2638ec00131410020d 1202 libcurl3-nss-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 0928102e2bd405b38d5bcc01f9b622e1f29e2b9a 1286 libcurl4-openssl-dev-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb a60220b75d6464d8cd4b505177bc7e35f09871d5 1286 libcurl4-gnutls-dev-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 3293c94e888e1f9d1a745b034a43e0edf42f28c0 1282 libcurl4-nss-dev-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb Checksums-Sha256: b9540236ec7a1a726c35634aa35ab8e8d0ec4fb830a9943dd8845f1c6b72fea2 123100 curl_7.35.0-1ubuntu2.11_amd64.deb 903f98524b9dfd5ba5e51144e51553b847e94f62e18f41bda269cf2fcc692bbe 956 curl-udeb_7.35.0-1ubuntu2.11_amd64.udeb 1a02e6fd41386c538608d4a0af1620e864a11cc9ddd88f8cd6fbb3d3e9f85e34 173878 libcurl3_7.35.0-1ubuntu2.11_amd64.deb 71ca92f110c6f478bccc77551ba8343a718068e5789f93fbbc479814cbbb4164 840 libcurl3-udeb_7.35.0-1ubuntu2.11_amd64.udeb ba9dbf58d75873ed855dee80ff369d6faa6c857ebc455d5726f26f3dd58e2dfe 166356 libcurl3-gnutls_7.35.0-1ubuntu2.11_amd64.deb 51363dfc55699ac0b2d9358c9f2aee1465d077ca95f61344e8df30860968d434 177130 libcurl3-nss_7.35.0-1ubuntu2.11_amd64.deb 7eeedfcaf6b54a8205aeab247e9e02ef1a795e8261ca78bb7ff8e5232f21de78 245026 libcurl4-openssl-dev_7.35.0-1ubuntu2.11_amd64.deb 26094e21455122d7d48536b2465a06ccd6da6e43c425a858ebaf89d655e750be 236922 libcurl4-gnutls-dev_7.35.0-1ubuntu2.11_amd64.deb 5e61fddebade275b4187041c2c18cb301c566512a0faf9cb099c68989c33e3d1 249162 libcurl4-nss-dev_7.35.0-1ubuntu2.11_amd64.deb 0161d7db1b2519c1d75689581b391d44b7313ae22ee76ca06d62a414e6602cac 3218704 libcurl3-dbg_7.35.0-1ubuntu2.11_amd64.deb 2eedd97a93e51a2a366f985e6092cde931b709cc1fef428d1ea3c9f1217a9e60 1086 curl-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 460271f44a80c07446c37edc1086999124b4e379e6e881f3fb2dee892b6b4434 986 curl-udeb-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 6116bbeaf822aa026983bd49f5824f08bae50e5e14fed7cb780df3ad7e5266be 1204 libcurl3-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 8f9f40f39cbc13dd08da2c73f00606ea400db54da8c7f4487fc3041f0ad34cae 902 libcurl3-udeb-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 621ee081705236b99848b25aca39b7b32439412f134270bbd41b19354197ce98 1204 libcurl3-gnutls-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 946bbaaf5bad1e13b1805aa22953fd5150776f154fa08d319fbdbea3384afd4a 1202 libcurl3-nss-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 4d1ef5485b7464bcea99c94ee9ef07833fdfa657bf8913dbc2ed51998f1ab860 1286 libcurl4-openssl-dev-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb a8fe8eedb5a36e7ef414808a60190ce4f729425c4a169cde20815da088cae569 1286 libcurl4-gnutls-dev-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb afdeee7f95b6a1f82fe37f8e06a694b5ac44bde50858a4c265e12f561227f247 1282 libcurl4-nss-dev-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb Files: 2794a2e0addc1dbd411b77e981c28e1d 123100 web optional curl_7.35.0-1ubuntu2.11_amd64.deb c1999bdac651fad6dfc928c6c8dad0bc 956 debian-installer optional curl-udeb_7.35.0-1ubuntu2.11_amd64.udeb 227d28658f337bee95778ad25f35e00a 173878 libs optional libcurl3_7.35.0-1ubuntu2.11_amd64.deb c3c833cf17754b49b3521d546fa2653d 840 debian-installer optional libcurl3-udeb_7.35.0-1ubuntu2.11_amd64.udeb 7bc3dbc43da2c35dff106246b2ef79d1 166356 libs optional libcurl3-gnutls_7.35.0-1ubuntu2.11_amd64.deb 4d7f064f488ef9dba088a168fca1e148 177130 libs optional libcurl3-nss_7.35.0-1ubuntu2.11_amd64.deb 90afba6f80885e68659b2b2237d22bde 245026 libdevel optional libcurl4-openssl-dev_7.35.0-1ubuntu2.11_amd64.deb e8056e4fe0485ccbfbe107ea34997479 236922 libdevel optional libcurl4-gnutls-dev_7.35.0-1ubuntu2.11_amd64.deb e9f7cbc4db050861532e1fd0da858a69 249162 libdevel optional libcurl4-nss-dev_7.35.0-1ubuntu2.11_amd64.deb a8c27f7c8ef87db17b8e8396f597ad18 3218704 debug extra libcurl3-dbg_7.35.0-1ubuntu2.11_amd64.deb dd061f354d392b8239a5d4e52f73265f 1086 web extra curl-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb b0870625f23912116f2114d2dd5da15d 986 debian-installer extra curl-udeb-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb bc0d7692342a938a435bc9853fa5b705 1204 libs extra libcurl3-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb ce67d6ef1c394c11154ade1a0c1ff0bf 902 debian-installer extra libcurl3-udeb-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb c9d778f9970ab1830cdc82770b57bf28 1204 libs extra libcurl3-gnutls-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 8cea33f74bb530d31fc0ab7f20a566fd 1202 libs extra libcurl3-nss-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 683b1e8fcc228c4fa954e369ad6744a3 1286 libdevel extra libcurl4-openssl-dev-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb 75a766da474babcc9084a7f8cc4e4ec1 1286 libdevel extra libcurl4-gnutls-dev-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb f1a614c7cb5a8d95f8bea4d05b641c18 1282 libdevel extra libcurl4-nss-dev-dbgsym_7.35.0-1ubuntu2.11_amd64.ddeb Original-Maintainer: Alessandro Ghedini Package-Type: udeb