Format: 1.8 Date: Wed, 14 Mar 2018 09:04:46 -0400 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: ppc64el Version: 7.47.0-1ubuntu2.7 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.47.0-1ubuntu2.7) xenial-security; urgency=medium . * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write - debian/patches/CVE-2018-1000120-pre1.patch: avoid using curl_easy_unescape() internally in lib/ftp.c. - debian/patches/CVE-2018-1000120-pre2.patch: URL decode path for dir listing in nocwd mode in lib/ftp.c, add test to tests/*. - debian/patches/CVE-2018-1000120-pre3.patch: remove dead code in ftp_done in lib/ftp.c. - debian/patches/CVE-2018-1000120-pre4.patch: don't clobber the passed in error code in lib/ftp.c. - debian/patches/CVE-2018-1000120.patch: reject path components with control codes in lib/ftp.c, add test to tests/*. - CVE-2018-1000120 * SECURITY UPDATE: LDAP NULL pointer dereference - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber() results for NULL before using in lib/openldap.c. - CVE-2018-1000121 * SECURITY UPDATE: RTSP RTP buffer over-read - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't go beyond buffer end in lib/transfer.c. - CVE-2018-1000122 Checksums-Sha1: 82207ea15490a5a7cef62618b6bb50adbcd0cd28 1086 curl-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb c02287eb42cf321c2c13c7b3c528c532d553d916 136276 curl_7.47.0-1ubuntu2.7_ppc64el.deb 1cb480310ecfe988f2bf7168ed755ac87a7085ff 3684458 libcurl3-dbg_7.47.0-1ubuntu2.7_ppc64el.deb 5c6df249cc540c31d939b01d7850c57c0f4efda4 1206 libcurl3-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 63daef36e7a2f7e8d1f749e18d0a155c21bebc8e 1210 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 58e0122f0255864fa781bf8cd34070acf8635ec4 177526 libcurl3-gnutls_7.47.0-1ubuntu2.7_ppc64el.deb a4ceaf219f35188b6ab71d0ec3a2a1e6104a10af 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 686f733db99d2b3cbeae54b344d697961f1e9de9 183274 libcurl3-nss_7.47.0-1ubuntu2.7_ppc64el.deb e84366ada331552cedcc58d6fe6adcbe6bb1ce54 178344 libcurl3_7.47.0-1ubuntu2.7_ppc64el.deb d1ec6925d31a9756f4b328461361417a6c5571e5 1290 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 84dbbe500ef80a4f9a5a503bdab55d706fe4b49d 261512 libcurl4-gnutls-dev_7.47.0-1ubuntu2.7_ppc64el.deb 13d4be2f1547070b7ab3edffa4e605b611e53bc9 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 3638c888f7cc164c3ac901d1ae063e77aa6621c4 267452 libcurl4-nss-dev_7.47.0-1ubuntu2.7_ppc64el.deb a76d668917081ab96c4cbe6b8e3fec895b2fba64 1290 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb f3f76e611a206093b30bb469f636d338238f6f38 260170 libcurl4-openssl-dev_7.47.0-1ubuntu2.7_ppc64el.deb Checksums-Sha256: 618958ee85d548c31e846edbea26c7192397fdd417d2cb5f8909da179e24a2d0 1086 curl-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 2cd7815874e024370eb798650887d199fe1efe5b468a434eaa2baf095bb2e3c1 136276 curl_7.47.0-1ubuntu2.7_ppc64el.deb 9f1a19f1aad49dffa9c6bc2bca4b3a6ab6d4e859446b51b592bfd1c8e536de24 3684458 libcurl3-dbg_7.47.0-1ubuntu2.7_ppc64el.deb 360f24c009fae30d815c4c8aacd3b1bf7238cd28585c2a5e3c6058c89e4f02fc 1206 libcurl3-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb ab4fa14b06f190f131095fbd138250878560eca7b37a09077329f5d42fd5c32a 1210 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 8a517793aab431fd144c35492b8a475212260d4dfe2f2b04f3be8e8b8ff916be 177526 libcurl3-gnutls_7.47.0-1ubuntu2.7_ppc64el.deb ca3f09f1c061cb8e8e2edf115a712366945df2f93fcaeb6cd2b524ad9d93a658 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 471b0d1dc1e0edc3ac655b71356b58dccea4676e31cc4255aff85b4c8a7c352c 183274 libcurl3-nss_7.47.0-1ubuntu2.7_ppc64el.deb edd5bcc4210bccb55098caf280a3b66dcfde09ca2721c4b41f5cdb651e907e86 178344 libcurl3_7.47.0-1ubuntu2.7_ppc64el.deb 0e0558631cc81a10e3f1cbca94fae97c1e50c4c3ab6115527d245909816ab9ae 1290 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb fa09ad57ef0f90e974872ff77a4b4c3e00342dfeba2912a677a625da7eca41c8 261512 libcurl4-gnutls-dev_7.47.0-1ubuntu2.7_ppc64el.deb 70b7b6dc8f62ea0358a41b7d9d6ac461afffde228c4d2d754682bf8db76173e8 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 4c5204c6017453f36bacdc6d2b15d1c4f412ae36fe3b50019c78d18ac1cda9d3 267452 libcurl4-nss-dev_7.47.0-1ubuntu2.7_ppc64el.deb 03a6738ca5d27f3228163e6db0cb3b0a16590e8cebc957ebfcd3085167ed400d 1290 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 57e952eb08f6d47daeb761603eab965f7da18031ec85553c46dca6bf7ad67bae 260170 libcurl4-openssl-dev_7.47.0-1ubuntu2.7_ppc64el.deb Files: b93faea75feffab344480d3dab3637ac 1086 web extra curl-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 0b4196111b5f1d22d18f3157c1b0006c 136276 web optional curl_7.47.0-1ubuntu2.7_ppc64el.deb 3e51956fe014e2588507ae8b59c9abb7 3684458 debug extra libcurl3-dbg_7.47.0-1ubuntu2.7_ppc64el.deb a10bacb8da9b8401c5ff42019e55828e 1206 libs extra libcurl3-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 68b98ba50a9ab5e1184932b8ff2288c9 1210 libs extra libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 020cc380cd543f27bc7316bf35a4f087 177526 libs optional libcurl3-gnutls_7.47.0-1ubuntu2.7_ppc64el.deb 77ac8a788b1038fe7ddcc8057e618706 1206 libs extra libcurl3-nss-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 583df149fae1541ea9214cdbd4b46538 183274 libs optional libcurl3-nss_7.47.0-1ubuntu2.7_ppc64el.deb 6f5af1740e7fe8c478177218c0d4b8be 178344 libs optional libcurl3_7.47.0-1ubuntu2.7_ppc64el.deb 00d5f44bb7efaecfbc7a0aca506a0b27 1290 libdevel extra libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 6073c15703f865d5e9309cb1358903b2 261512 libdevel optional libcurl4-gnutls-dev_7.47.0-1ubuntu2.7_ppc64el.deb 0694514ca226685236ef851fa764d7f7 1288 libdevel extra libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 03a758a3114c8972bd7984c93dbf6924 267452 libdevel optional libcurl4-nss-dev_7.47.0-1ubuntu2.7_ppc64el.deb 69578b3c2b84547d700392ab681044f5 1290 libdevel extra libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.7_ppc64el.ddeb 06d954211f5795bfc8e4e8d19cd0b01c 260170 libdevel optional libcurl4-openssl-dev_7.47.0-1ubuntu2.7_ppc64el.deb Original-Maintainer: Alessandro Ghedini