Format: 1.8 Date: Wed, 21 Jul 2021 08:37:41 -0400 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: amd64 all Version: 7.58.0-2ubuntu3.14 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.58.0-2ubuntu3.14) bionic-security; urgency=medium . * SECURITY UPDATE: TELNET stack contents disclosure - debian/patches/CVE-2021-22898.patch: check sscanf() for correct number of matches in lib/telnet.c. - CVE-2021-22898 * SECURITY UPDATE: Bad connection reuse due to flawed path name checks - debian/patches/CVE-2021-22924.patch: fix connection reuse checks for issuer cert and case sensitivity in lib/url.c, lib/urldata.h, lib/vtls/gtls.c, lib/vtls/nss.c, lib/vtls/openssl.c, lib/vtls/vtls.c. - CVE-2021-22924 * SECURITY UPDATE: TELNET stack contents disclosure again - debian/patches/CVE-2021-22925.patch: fix option parser to not send uninitialized contents in lib/telnet.c. - CVE-2021-22925 Checksums-Sha1: 9342f2aa9863d0991cef81322203b1ef018e6497 141744 curl-dbgsym_7.58.0-2ubuntu3.14_amd64.ddeb 9ad701a02ec9b2eb67db3d1e18639e1c235fb8d2 12111 curl_7.58.0-2ubuntu3.14_amd64.buildinfo c3d916dfaf153d6e35ee521280ae383e11d69626 158660 curl_7.58.0-2ubuntu3.14_amd64.deb 1d56756d096f3d33ba577f55eab6229511f55bb2 1303568 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.14_amd64.ddeb 4a94173a2df073243f6030bdbaff5a18cd3567e6 217796 libcurl3-gnutls_7.58.0-2ubuntu3.14_amd64.deb 2c1db0afb549c6662eb54ad034d6d7c6a7ab7492 1334084 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.14_amd64.ddeb 2d76500f53f0aea37f91a5d3ca514d9ab785f0a2 223680 libcurl3-nss_7.58.0-2ubuntu3.14_amd64.deb 56308ef3cf2fa86cfcc317bf9581758369228431 1311348 libcurl4-dbgsym_7.58.0-2ubuntu3.14_amd64.ddeb 9a9c84e038670bf559ecf9baf7ac1a6401be1f6c 835016 libcurl4-doc_7.58.0-2ubuntu3.14_all.deb dd4b7b3c48f7d5135a185a6eb9f7214d21ccf55f 300352 libcurl4-gnutls-dev_7.58.0-2ubuntu3.14_amd64.deb 182909dcedaf1f76df93bb70d438c0613b6f9ecb 306744 libcurl4-nss-dev_7.58.0-2ubuntu3.14_amd64.deb 98809a754f9c73d4735ec6a0a0065a2c5b69c60d 301404 libcurl4-openssl-dev_7.58.0-2ubuntu3.14_amd64.deb 5b9ddfbaddfa60c39c387552d9de4a016f7a87a8 219116 libcurl4_7.58.0-2ubuntu3.14_amd64.deb Checksums-Sha256: 12c9789d9b666b088864ec4fd9a4c84b1c7f9608d4244be96b591634f0a6459e 141744 curl-dbgsym_7.58.0-2ubuntu3.14_amd64.ddeb 2ce983f2a6316edfc255697e64b670da6ba5d754c5b7e9197f7f8aa96225c5d5 12111 curl_7.58.0-2ubuntu3.14_amd64.buildinfo 3d4f84bb23501b1e388fb4f39c9538864232d5770c50b0bbcc40fd329ca2b95e 158660 curl_7.58.0-2ubuntu3.14_amd64.deb 5d6e2b1319a8422f3dcfa5f8a80235c3a1222a5e2388f74a0eaf2ed84dcfdc78 1303568 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.14_amd64.ddeb 4d715629f32db92e81f456c9dc60ef72c58d21af0b021fabed86dcc3037084ea 217796 libcurl3-gnutls_7.58.0-2ubuntu3.14_amd64.deb 87957f70ca277707196f1e4a83bfc8c3947765a8872cd31e2d48de004b7695a9 1334084 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.14_amd64.ddeb 87807aea5bfc16c63d119e0acf50bd4e5615118505eb2292ff6dfc90fcbd461e 223680 libcurl3-nss_7.58.0-2ubuntu3.14_amd64.deb 75a2a603d25784b1f1536c4ad3359d27b8beebe4ae9657bccc8eab9a24458940 1311348 libcurl4-dbgsym_7.58.0-2ubuntu3.14_amd64.ddeb 0df38b020f4e27862f1754d8e956cdeeaea817ec9bd1c8fff8a5361a28f5cad4 835016 libcurl4-doc_7.58.0-2ubuntu3.14_all.deb 733be54cd6c9f5ddac6561ef9e7ababee3965d17b4efa8e44691c16164e337c7 300352 libcurl4-gnutls-dev_7.58.0-2ubuntu3.14_amd64.deb c627467b60438dae3857d8dffc33978f82535c831dfd4c87715058766b19f9a8 306744 libcurl4-nss-dev_7.58.0-2ubuntu3.14_amd64.deb 0858254c805122fc5ecae5c1ad92b13bb90927ff61abd809aa7dc587482375b2 301404 libcurl4-openssl-dev_7.58.0-2ubuntu3.14_amd64.deb 17e5b3dcedb6e367d2937decee168395076c997f579126fe5cc08565b356a77f 219116 libcurl4_7.58.0-2ubuntu3.14_amd64.deb Files: c8ecb2976d8411c6c9586a3bf79640d2 141744 debug optional curl-dbgsym_7.58.0-2ubuntu3.14_amd64.ddeb 68eb38a8142831c78c3fceb992b54b69 12111 web optional curl_7.58.0-2ubuntu3.14_amd64.buildinfo 2755444c66d39fc43739d862fa3bce66 158660 web optional curl_7.58.0-2ubuntu3.14_amd64.deb d29a5aa68825cbcf7b829a5aebd69934 1303568 debug optional libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.14_amd64.ddeb 02c74dbbaa1ba7abbe919e5f3727d4e9 217796 libs optional libcurl3-gnutls_7.58.0-2ubuntu3.14_amd64.deb 6f9067d3eb5b41f586277d91935b7c03 1334084 debug optional libcurl3-nss-dbgsym_7.58.0-2ubuntu3.14_amd64.ddeb 2594a9b349184f282ca93b949d59ff8d 223680 libs optional libcurl3-nss_7.58.0-2ubuntu3.14_amd64.deb 4785b0e0d5115e5367986de1709bd9eb 1311348 debug optional libcurl4-dbgsym_7.58.0-2ubuntu3.14_amd64.ddeb 998ba5a0b895046514580b4a824b5acb 835016 doc optional libcurl4-doc_7.58.0-2ubuntu3.14_all.deb 62bf5870f840a102ab65792b275d8271 300352 libdevel optional libcurl4-gnutls-dev_7.58.0-2ubuntu3.14_amd64.deb 3fe33236308172cd03a22a8f5ac3ab7a 306744 libdevel optional libcurl4-nss-dev_7.58.0-2ubuntu3.14_amd64.deb 829a309795299b89c2a6c91b3edb1bbf 301404 libdevel optional libcurl4-openssl-dev_7.58.0-2ubuntu3.14_amd64.deb a2b61f58d1089ea5c5ab19b69935d375 219116 libs optional libcurl4_7.58.0-2ubuntu3.14_amd64.deb Original-Maintainer: Alessandro Ghedini