Format: 1.8 Date: Wed, 21 Jul 2021 08:35:58 -0400 Source: curl Binary: curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: i386 Version: 7.68.0-1ubuntu2.6 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.68.0-1ubuntu2.6) focal-security; urgency=medium . * SECURITY UPDATE: TELNET stack contents disclosure - debian/patches/CVE-2021-22898.patch: check sscanf() for correct number of matches in lib/telnet.c. - CVE-2021-22898 * SECURITY UPDATE: Bad connection reuse due to flawed path name checks - debian/patches/CVE-2021-22924.patch: fix connection reuse checks for issuer cert and case sensitivity in lib/url.c, lib/urldata.h, lib/vtls/gtls.c, lib/vtls/nss.c, lib/vtls/openssl.c, lib/vtls/vtls.c. - CVE-2021-22924 * SECURITY UPDATE: TELNET stack contents disclosure again - debian/patches/CVE-2021-22925.patch: fix option parser to not send uninitialized contents in lib/telnet.c. - CVE-2021-22925 Checksums-Sha1: 4f669e737226d66d15a11e4d371ba5b47b7b3185 122184 curl-dbgsym_7.68.0-1ubuntu2.6_i386.ddeb ab76218895eb7aa637cc6ebbc6ad6c6f84a35801 11624 curl_7.68.0-1ubuntu2.6_i386.buildinfo beb8b0f93130dd454423b5510220d5b12f205e8f 166744 curl_7.68.0-1ubuntu2.6_i386.deb 36c2c5eabb83bfd241d2c58ab060a41dda1d4384 666152 libcurl3-gnutls-dbgsym_7.68.0-1ubuntu2.6_i386.ddeb 1396749b4fba1b2e2aef21caba9c913ba9e3387b 258992 libcurl3-gnutls_7.68.0-1ubuntu2.6_i386.deb e644614ca8c0bf94bff969e596a6f595bc3b165f 701428 libcurl3-nss-dbgsym_7.68.0-1ubuntu2.6_i386.ddeb c9ebe3ac2ace8b56725b6c2eef847d7016ec94c8 265060 libcurl3-nss_7.68.0-1ubuntu2.6_i386.deb 7a31aaabc28ad78644ac240910beda06b81fe2fe 683092 libcurl4-dbgsym_7.68.0-1ubuntu2.6_i386.ddeb 9750388fa51445859bbfee64aa0cd93b1d2d44fb 356084 libcurl4-gnutls-dev_7.68.0-1ubuntu2.6_i386.deb 4eb3a010f433e9dbd6ed08098dad5580e2c2f78f 362688 libcurl4-nss-dev_7.68.0-1ubuntu2.6_i386.deb bf8b048a17b2eaac8395a9926fc429b88ee52461 359140 libcurl4-openssl-dev_7.68.0-1ubuntu2.6_i386.deb 4523eb95c84b8bc924f27b2f9cbb0fd201f39cfe 261964 libcurl4_7.68.0-1ubuntu2.6_i386.deb Checksums-Sha256: 500063d6868bdc57986f1482cc08cba57acd538f8ac1e3767d724558b0c551ae 122184 curl-dbgsym_7.68.0-1ubuntu2.6_i386.ddeb 228e0b173cae3b16e3e8c2927c63a5b4bec3ec909eb8ef23c266647ed3ccc9fe 11624 curl_7.68.0-1ubuntu2.6_i386.buildinfo 423e638960371b4512bb43c5e4979e95dfe500bb44c1c3969e152a3fa3d7edb0 166744 curl_7.68.0-1ubuntu2.6_i386.deb 8720b0419e8951d6541656bbf69b1b08402b293d80abdae59dc86c2f790045f6 666152 libcurl3-gnutls-dbgsym_7.68.0-1ubuntu2.6_i386.ddeb f8563f75b35f48304bb50e9b6cccb5712110078cea23ad60bdbebad7558f02b9 258992 libcurl3-gnutls_7.68.0-1ubuntu2.6_i386.deb dca75fe1bcf204a8058dc1af6682aa57614eea4d87007981e83f3d9e885431c0 701428 libcurl3-nss-dbgsym_7.68.0-1ubuntu2.6_i386.ddeb 61bf6e1defd01dbcaec8c0c4a50f068669beb1f79e582aeda9ecfca53308509a 265060 libcurl3-nss_7.68.0-1ubuntu2.6_i386.deb c3683a8800d5cf29a22a38d56b7da901b6376f5286d4ee03c73516b2c0d6bbbf 683092 libcurl4-dbgsym_7.68.0-1ubuntu2.6_i386.ddeb 2b2a0c9043ae97489c1e4a5c3d7f1692657b0f20dde6518653707a5080e51df3 356084 libcurl4-gnutls-dev_7.68.0-1ubuntu2.6_i386.deb b8ee6986d73f3437479fadae38579a187231bf70432db19a0f75c871bc59e2cb 362688 libcurl4-nss-dev_7.68.0-1ubuntu2.6_i386.deb fc853c3dbc9066ef38ca264c13bb834f430934d971506d91cde0837b770ddf2e 359140 libcurl4-openssl-dev_7.68.0-1ubuntu2.6_i386.deb 068a22a9696b6034490bb8d66fc035bdba445f37d2717bfe3fc571f2d248a5b2 261964 libcurl4_7.68.0-1ubuntu2.6_i386.deb Files: 005ce21dd87d67d9222ba1d6f7558fb2 122184 debug optional curl-dbgsym_7.68.0-1ubuntu2.6_i386.ddeb d9e4b6881032a43547e9f3539b117d3f 11624 web optional curl_7.68.0-1ubuntu2.6_i386.buildinfo 63dc3778dcbab185149ddffda62ded07 166744 web optional curl_7.68.0-1ubuntu2.6_i386.deb e0f35dd8b7caeef7f09e8f6ac778be97 666152 debug optional libcurl3-gnutls-dbgsym_7.68.0-1ubuntu2.6_i386.ddeb d3f7853a7bcfc37a55059309e119b733 258992 libs optional libcurl3-gnutls_7.68.0-1ubuntu2.6_i386.deb 1d5e47f222d57a46d840ea0d66b4cfed 701428 debug optional libcurl3-nss-dbgsym_7.68.0-1ubuntu2.6_i386.ddeb 74a85f112f7a21374f19d4a65fed7e67 265060 libs optional libcurl3-nss_7.68.0-1ubuntu2.6_i386.deb b5b6368b640e4de4d254d4b3deea8929 683092 debug optional libcurl4-dbgsym_7.68.0-1ubuntu2.6_i386.ddeb c3a27b5b47fdcbe103bf2b314a39d998 356084 libdevel optional libcurl4-gnutls-dev_7.68.0-1ubuntu2.6_i386.deb 180dfe76e5c956518e4a3cb8778cad63 362688 libdevel optional libcurl4-nss-dev_7.68.0-1ubuntu2.6_i386.deb efc301df11e982034825bf449bc73ad9 359140 libdevel optional libcurl4-openssl-dev_7.68.0-1ubuntu2.6_i386.deb b040952cf869af321abaf58cbfa232f0 261964 libs optional libcurl4_7.68.0-1ubuntu2.6_i386.deb Original-Maintainer: Alessandro Ghedini