Format: 1.8 Date: Mon, 29 Oct 2018 08:08:34 -0400 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: armhf Version: 7.61.0-1ubuntu2.2 Distribution: cosmic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.61.0-1ubuntu2.2) cosmic-security; urgency=medium . * SECURITY UPDATE: SASL password overflow via integer overflow - debian/patches/CVE-2018-16839.patch: fix check in lib/vauth/cleartext.c. - CVE-2018-16839 * SECURITY UPDATE: use-after-free in handle close - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c. - CVE-2018-16840 * SECURITY UPDATE: warning message out-of-buffer read - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c. - CVE number pending Checksums-Sha1: a2b0b96947e729ff050512813713a7e9882b73ca 163252 curl-dbgsym_7.61.0-1ubuntu2.2_armhf.ddeb 53b2218c875e95c46fe6edb5740f181cbaa49153 11116 curl_7.61.0-1ubuntu2.2_armhf.buildinfo 7542560608c94a3789b234c25ad5fca290f3bd3f 156376 curl_7.61.0-1ubuntu2.2_armhf.deb f276d74a76182bf21b3e776a09dfa974968916b6 1463320 libcurl3-gnutls-dbgsym_7.61.0-1ubuntu2.2_armhf.ddeb 3c2476b0f388fba53e3563d9f47fe88badcff506 183320 libcurl3-gnutls_7.61.0-1ubuntu2.2_armhf.deb 3a2b0521e14f6b372b9a3b9e32c58960c1f36f68 1496740 libcurl3-nss-dbgsym_7.61.0-1ubuntu2.2_armhf.ddeb d36087b8ed89877090bec6829689aa124609098d 188776 libcurl3-nss_7.61.0-1ubuntu2.2_armhf.deb 55b88540b59f6b3f420b5e9cc13e92fa13ec21cf 1469208 libcurl4-dbgsym_7.61.0-1ubuntu2.2_armhf.ddeb 665c80871ba55a03e38bfdb6b25e5a4048fb1acf 271148 libcurl4-gnutls-dev_7.61.0-1ubuntu2.2_armhf.deb b7dd88cebdf3059a2fb17252c03e79b3cb8a265d 277116 libcurl4-nss-dev_7.61.0-1ubuntu2.2_armhf.deb 00d9c899bf3cd7596e025fcf7fdc77d89b19e282 272796 libcurl4-openssl-dev_7.61.0-1ubuntu2.2_armhf.deb ff2dfac2f282efccc0b2d619c4464de11fea986f 184748 libcurl4_7.61.0-1ubuntu2.2_armhf.deb Checksums-Sha256: 3313508b9485f7e06b307739767a6eef08930a6fb91208cf9b94970838e40f11 163252 curl-dbgsym_7.61.0-1ubuntu2.2_armhf.ddeb 966747cf044cad852d350915139c1ca3f302113fef6517577d13b0ffb79df0ec 11116 curl_7.61.0-1ubuntu2.2_armhf.buildinfo 758d20beaa5aa253cddb6871ab4dfffc0aa382146c2a30aeae49e9f38dcc1f92 156376 curl_7.61.0-1ubuntu2.2_armhf.deb 726c480d250288a7fdb6e9e366b85c4af274d4c555595f99e146c1a5870b65d6 1463320 libcurl3-gnutls-dbgsym_7.61.0-1ubuntu2.2_armhf.ddeb 95451e7c5c0c01bbbe3eb1e42cf9ed4b1f93d8921156bf6a618dadc943893383 183320 libcurl3-gnutls_7.61.0-1ubuntu2.2_armhf.deb c085b0e5ed9e3e6520714b75fd0eba1a7eca6e3c0050f238482e56543c2f4f4b 1496740 libcurl3-nss-dbgsym_7.61.0-1ubuntu2.2_armhf.ddeb 8ab0aa3929e39e45c5040280dab5d2f2197764c131ded9fa97d2835920e852f7 188776 libcurl3-nss_7.61.0-1ubuntu2.2_armhf.deb 704776739ecac6687d448be5c474243e600f34a33df58011033d5391f3c7b24a 1469208 libcurl4-dbgsym_7.61.0-1ubuntu2.2_armhf.ddeb c46cdaae7212fa892bf2e23c46a3000b9213a95c712fd3e01a44cf295a2d7eed 271148 libcurl4-gnutls-dev_7.61.0-1ubuntu2.2_armhf.deb 7f778fd22aa45a77838c18b4023bb5f7b1565d30d78a7ad7b0c6b2a416675e82 277116 libcurl4-nss-dev_7.61.0-1ubuntu2.2_armhf.deb 38e5e661132067cc9ff563a4c82023875e07f9df9e0b5357c140282bf785dfc1 272796 libcurl4-openssl-dev_7.61.0-1ubuntu2.2_armhf.deb 29cf31ec67d220fbf585469649f440971910f1adf6d0c25a257cef8fd998a6a3 184748 libcurl4_7.61.0-1ubuntu2.2_armhf.deb Files: 7b2c1206c22f8d63443369218300f9be 163252 debug optional curl-dbgsym_7.61.0-1ubuntu2.2_armhf.ddeb 0c05d5888ac0fb9eba1f662ec4bfdfea 11116 web optional curl_7.61.0-1ubuntu2.2_armhf.buildinfo 50c3034f8ec3f3f00a86173ab5a15733 156376 web optional curl_7.61.0-1ubuntu2.2_armhf.deb 1b8a12c4048762c193f285331d63e255 1463320 debug optional libcurl3-gnutls-dbgsym_7.61.0-1ubuntu2.2_armhf.ddeb 73fa51ee34938f3710ab17056b21133e 183320 libs optional libcurl3-gnutls_7.61.0-1ubuntu2.2_armhf.deb 202044e100fd32f5a0e0541bddb93515 1496740 debug optional libcurl3-nss-dbgsym_7.61.0-1ubuntu2.2_armhf.ddeb 1dd7bc3362599d14fa4bf3c51460f156 188776 libs optional libcurl3-nss_7.61.0-1ubuntu2.2_armhf.deb 702bd4117be1f8cedfa0dd98b7204740 1469208 debug optional libcurl4-dbgsym_7.61.0-1ubuntu2.2_armhf.ddeb 87b90c2c77b8b0ffb03e8caa5fe768c8 271148 libdevel optional libcurl4-gnutls-dev_7.61.0-1ubuntu2.2_armhf.deb 184e5d03533d663de02d8ab8225db42b 277116 libdevel optional libcurl4-nss-dev_7.61.0-1ubuntu2.2_armhf.deb 9e0112b8b484bc76d1173018bf361d77 272796 libdevel optional libcurl4-openssl-dev_7.61.0-1ubuntu2.2_armhf.deb f82766fa3acfba8fb2646874e421bec2 184748 libs optional libcurl4_7.61.0-1ubuntu2.2_armhf.deb Original-Maintainer: Alessandro Ghedini