Format: 1.8 Date: Tue, 28 Nov 2017 08:03:58 -0500 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: amd64 all Version: 7.47.0-1ubuntu2.5 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.47.0-1ubuntu2.5) xenial-security; urgency=medium . * SECURITY UPDATE: NTLM buffer overflow via integer overflow - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc size in lib/curl_ntlm_core.c - CVE-2017-8816 * SECURITY UPDATE: FTP wildcard out of bounds read - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in setcharset in lib/curl_fnmatch.c, added tests to tests/data/Makefile.inc, tests/data/test1163. - CVE-2017-8817 Checksums-Sha1: 55e1c795bb3b0595d0f9eead8dd4a8ac8d24bbab 1086 curl-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 18c100647cc6176d58c38d9df0d576c692e9dd37 138468 curl_7.47.0-1ubuntu2.5_amd64.deb c90defcceba4b048f5700c7058964e0f10e09226 3503882 libcurl3-dbg_7.47.0-1ubuntu2.5_amd64.deb b5a487760e40cfa9ef0f8153d406024ef14e8aaa 1202 libcurl3-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb e7ef96d04e8df926ce21ed4f711933d67590367c 1210 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 35176f7c693d647ea93d567b2ab712e29f113dd9 184186 libcurl3-gnutls_7.47.0-1ubuntu2.5_amd64.deb c14a02fe3e038ab31d86788d974dfcf6cee9239c 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 6389a693ac6f9267f34c76488fb239b984603d47 190874 libcurl3-nss_7.47.0-1ubuntu2.5_amd64.deb 09ffc2ced4a2d6d4da350bada4982ac0f84548ca 186644 libcurl3_7.47.0-1ubuntu2.5_amd64.deb 59ce6783f9ca7a7cc4849b9b4f906ce1b81fe77b 1157660 libcurl4-doc_7.47.0-1ubuntu2.5_all.deb 03c06588f5a38bedfc5681a8888463ecf97de366 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb b12ec644469f7b4ed6723d1cce04fc8a4b2cf7c7 260674 libcurl4-gnutls-dev_7.47.0-1ubuntu2.5_amd64.deb 83b94f34b01638ab93535ee72f9442de14c187ef 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 3fe892e1f60cd7d916624a9d122877912efccba3 267366 libcurl4-nss-dev_7.47.0-1ubuntu2.5_amd64.deb 4afabe14a2c824d7f47edbfe00345995b8e15670 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 06e373b363f7686f243e92261fd5bd8ce40ba8d7 262742 libcurl4-openssl-dev_7.47.0-1ubuntu2.5_amd64.deb Checksums-Sha256: 174fdfbf7b4abd687616018ef98c4215e09464dc0088247b02753590af8afb36 1086 curl-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 25627ed3d92e8b468c26d45d73aac397300ceeaf020913114f0ce0b3022f004a 138468 curl_7.47.0-1ubuntu2.5_amd64.deb 8906a32af117d25996956b8478944a0012e2c42f0aa18079341897f08e4d1537 3503882 libcurl3-dbg_7.47.0-1ubuntu2.5_amd64.deb 746695d0a65b5a631027116b0a6c7c24be2753608126a2a4de662cac42187d61 1202 libcurl3-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb e852717d0b323e63dbcd58491838a9defb32a8de2d041ed75bf6986382ea620d 1210 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 476bec46443f3ff217877a6a0ba92f1b1d6d9e756ea52e7855865195fe42dd19 184186 libcurl3-gnutls_7.47.0-1ubuntu2.5_amd64.deb d84b26b6cf60f80b2df93ac4c5fc9dcd86bd58a6703dc5e29fa1737af940b01d 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 3e12af75c390e178520cdd31d1331f5a8f9e00fb4df296f16efbee7d7cc18e39 190874 libcurl3-nss_7.47.0-1ubuntu2.5_amd64.deb 1cb0e808f3a05055f0c91448aaea64821789d04d21b37fc2c21cb579a317ba0e 186644 libcurl3_7.47.0-1ubuntu2.5_amd64.deb c06d4bf977e0f479e0fb317bd4c755bdb70ef9ed68f3d12da8a204c90d77b13a 1157660 libcurl4-doc_7.47.0-1ubuntu2.5_all.deb 5c225d516c3fb6f9caaeb21eb2b880aaf25c9cebe8d5519622259cd05c373965 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 77baa63afdbd246fc091d468b664d3d688395f4c828496f7ba79cdee38a66af8 260674 libcurl4-gnutls-dev_7.47.0-1ubuntu2.5_amd64.deb aa054b3bcaa8906a8ec349f8255203d381db5680c1a171cfae92f7e40ce9e955 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb cf2c44ed9726eb9828ce3d9c60c50e988c8c504c6b4ccecf42d609ce3170b4c5 267366 libcurl4-nss-dev_7.47.0-1ubuntu2.5_amd64.deb b3a1099e37bf1eef2192d85235e6d87111f341a3099b51a77c8d0e83a86bb081 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 27661ed6d6cfa0ef85b07698a1f9a6937635774c4c5c267185a9fd2577e5b1ef 262742 libcurl4-openssl-dev_7.47.0-1ubuntu2.5_amd64.deb Files: 63f0933781f2a7e3cd4a28b7f6a4f1f7 1086 web extra curl-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 6961b66f9a9b358096f16f32a596dbfa 138468 web optional curl_7.47.0-1ubuntu2.5_amd64.deb 968a498d70008be87c49223880fead5c 3503882 debug extra libcurl3-dbg_7.47.0-1ubuntu2.5_amd64.deb 08603e59611e828116d7c5696c14cbd4 1202 libs extra libcurl3-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 56f7e9770e1a5017865bd733b738c97f 1210 libs extra libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb d40baea76c61271cc12a88c2d4f88837 184186 libs optional libcurl3-gnutls_7.47.0-1ubuntu2.5_amd64.deb c54be3ab6b46e95ebd10e5f31b533ad6 1206 libs extra libcurl3-nss-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 293c354b419d344f12902eb927ab72e8 190874 libs optional libcurl3-nss_7.47.0-1ubuntu2.5_amd64.deb 9bfb80b821500c62b5340e2ef0e3c71a 186644 libs optional libcurl3_7.47.0-1ubuntu2.5_amd64.deb c2b981491a9ef1d5205eb04b3bc8a752 1157660 doc optional libcurl4-doc_7.47.0-1ubuntu2.5_all.deb 3e780031ca768805ae56bf297a9f3dd8 1292 libdevel extra libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 0b2c27ef852b9d56a326e961c8bdb750 260674 libdevel optional libcurl4-gnutls-dev_7.47.0-1ubuntu2.5_amd64.deb ccac5dc90f825a61147ab4a680a2cbb7 1288 libdevel extra libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb 8ea687c513c7c5a3f7b2a698750bf95c 267366 libdevel optional libcurl4-nss-dev_7.47.0-1ubuntu2.5_amd64.deb 2074f3329d1d267324cf79472898d0db 1292 libdevel extra libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.5_amd64.ddeb a4a5335d32723db4a219cf4197d6325b 262742 libdevel optional libcurl4-openssl-dev_7.47.0-1ubuntu2.5_amd64.deb Original-Maintainer: Alessandro Ghedini