Format: 1.8 Date: Wed, 21 Jul 2021 08:35:58 -0400 Source: curl Binary: curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: arm64 Version: 7.68.0-1ubuntu2.6 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.68.0-1ubuntu2.6) focal-security; urgency=medium . * SECURITY UPDATE: TELNET stack contents disclosure - debian/patches/CVE-2021-22898.patch: check sscanf() for correct number of matches in lib/telnet.c. - CVE-2021-22898 * SECURITY UPDATE: Bad connection reuse due to flawed path name checks - debian/patches/CVE-2021-22924.patch: fix connection reuse checks for issuer cert and case sensitivity in lib/url.c, lib/urldata.h, lib/vtls/gtls.c, lib/vtls/nss.c, lib/vtls/openssl.c, lib/vtls/vtls.c. - CVE-2021-22924 * SECURITY UPDATE: TELNET stack contents disclosure again - debian/patches/CVE-2021-22925.patch: fix option parser to not send uninitialized contents in lib/telnet.c. - CVE-2021-22925 Checksums-Sha1: cc0056b03a014b233639e8fefefd12c5430ca331 134932 curl-dbgsym_7.68.0-1ubuntu2.6_arm64.ddeb 1850a2c0ece56ac981bad27276590047a2fc7075 11695 curl_7.68.0-1ubuntu2.6_arm64.buildinfo 4ce11274885f1bf3bffc07ddb15c79d893c81d37 156892 curl_7.68.0-1ubuntu2.6_arm64.deb 5ee8f99f62f6c449b457d5d77b4cbba531a04f10 740752 libcurl3-gnutls-dbgsym_7.68.0-1ubuntu2.6_arm64.ddeb 6cf4f5ec21b0b481af27706fa64242f3cd4c61f1 211684 libcurl3-gnutls_7.68.0-1ubuntu2.6_arm64.deb dc824b2450cf590739ed070d57b91e7cf137c5ec 779008 libcurl3-nss-dbgsym_7.68.0-1ubuntu2.6_arm64.ddeb 0fd8d6a80906e80bec573293ccfd13eff96bf73a 218548 libcurl3-nss_7.68.0-1ubuntu2.6_arm64.deb d4850c668d799b5bbee35b2e5f91a6eb7372140f 759292 libcurl4-dbgsym_7.68.0-1ubuntu2.6_arm64.ddeb 1d469513e9aacab45dfaf452b03ffa9b806e7793 307276 libcurl4-gnutls-dev_7.68.0-1ubuntu2.6_arm64.deb 6870e0cc0aca7f51a38c346fccc5a5bf4439d4fb 314492 libcurl4-nss-dev_7.68.0-1ubuntu2.6_arm64.deb 28c913b5f97ec560303a2431ccea9c4d97f651d4 309280 libcurl4-openssl-dev_7.68.0-1ubuntu2.6_arm64.deb 0733851820d10ee1468194d79381d4ebaa2d8242 214100 libcurl4_7.68.0-1ubuntu2.6_arm64.deb Checksums-Sha256: 500bd89a2fcaa80825910105d6c0c36df5869a643dcfa42a2efb03e5a58d2820 134932 curl-dbgsym_7.68.0-1ubuntu2.6_arm64.ddeb 0f6c1609bb6d0ba76a56309edf8d56204699353dcfa25eb08ab9fd7a93a97628 11695 curl_7.68.0-1ubuntu2.6_arm64.buildinfo 6a2c747ddbfd712e329cd6ee1a47f2d8203e2d264ffd4508b2b3c618d5df29a4 156892 curl_7.68.0-1ubuntu2.6_arm64.deb 0c0df26c4d90c93c258c912c3f6611c6835b999d7465e876fc37929396a2dc9a 740752 libcurl3-gnutls-dbgsym_7.68.0-1ubuntu2.6_arm64.ddeb 0893a078e3fcb263b5478b5f83f78ae971ca94b42023a7b00ebc250572a9565c 211684 libcurl3-gnutls_7.68.0-1ubuntu2.6_arm64.deb 1a5d790c44dad6ab356ffaaa581e1527d07ef167a0f9808df61fa9829c75fe14 779008 libcurl3-nss-dbgsym_7.68.0-1ubuntu2.6_arm64.ddeb 2bd7bbb1afe67bc195d36b5cd7428b54eae03c14e7e5e8d949d8c1df3c41e3c6 218548 libcurl3-nss_7.68.0-1ubuntu2.6_arm64.deb 27af90b3a715a9b968b477fe3fb1f17a514a1bc04d1f9e9d9d47813be13a4a0c 759292 libcurl4-dbgsym_7.68.0-1ubuntu2.6_arm64.ddeb 91777da544d75758ba1e7cbf0f9a60f420db5435222be40766a86effd801e28d 307276 libcurl4-gnutls-dev_7.68.0-1ubuntu2.6_arm64.deb a480cb9e862f19e0f44a6d22f2b36236eb088e8ad3fb1238ad4f43c4a82f013b 314492 libcurl4-nss-dev_7.68.0-1ubuntu2.6_arm64.deb 58c07a7977d78bf2585b6a94a0394b45ef14bbabe5609b2a144bd6ecfe0e2f91 309280 libcurl4-openssl-dev_7.68.0-1ubuntu2.6_arm64.deb 7b5d8b475924b993457715771ecd88a6f771ded084842ffbc1219c636315819f 214100 libcurl4_7.68.0-1ubuntu2.6_arm64.deb Files: a817fa2cca729f30e9576527ef62bade 134932 debug optional curl-dbgsym_7.68.0-1ubuntu2.6_arm64.ddeb b470e0f41a42b138f5ee4b5fffa2eb14 11695 web optional curl_7.68.0-1ubuntu2.6_arm64.buildinfo 9517dc234f8d1997a98dc1f7c4f133eb 156892 web optional curl_7.68.0-1ubuntu2.6_arm64.deb 1f35e39a727667970d7e604250db53bf 740752 debug optional libcurl3-gnutls-dbgsym_7.68.0-1ubuntu2.6_arm64.ddeb ffc1a5341533a35489d4a59b521d2e4a 211684 libs optional libcurl3-gnutls_7.68.0-1ubuntu2.6_arm64.deb 87a64afe6a581e14d8c3e3db20c4152a 779008 debug optional libcurl3-nss-dbgsym_7.68.0-1ubuntu2.6_arm64.ddeb 56a1f096f61c95b476fb5b1531887533 218548 libs optional libcurl3-nss_7.68.0-1ubuntu2.6_arm64.deb 710ced0315c485b334c5beaaacc84916 759292 debug optional libcurl4-dbgsym_7.68.0-1ubuntu2.6_arm64.ddeb 25e9d8de0daf620ef6611f1ecd7a937a 307276 libdevel optional libcurl4-gnutls-dev_7.68.0-1ubuntu2.6_arm64.deb 7d92a4fb40709b5b8aae59ca4ab021a7 314492 libdevel optional libcurl4-nss-dev_7.68.0-1ubuntu2.6_arm64.deb fde2552bbbbbadbea0aac8e15fe9b562 309280 libdevel optional libcurl4-openssl-dev_7.68.0-1ubuntu2.6_arm64.deb 5804ddcb2dd56fea6e44a3e9227067b7 214100 libs optional libcurl4_7.68.0-1ubuntu2.6_arm64.deb Original-Maintainer: Alessandro Ghedini