Format: 1.8 Date: Mon, 29 Oct 2018 08:13:39 -0400 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: armhf Version: 7.47.0-1ubuntu2.11 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.47.0-1ubuntu2.11) xenial-security; urgency=medium . * SECURITY UPDATE: SASL password overflow via integer overflow - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in lib/curl_sasl.c. - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c. - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c. - CVE-2018-16839 * SECURITY UPDATE: warning message out-of-buffer read - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c. - CVE number pending Checksums-Sha1: 81ddbce666272b13cd8063b7c369166b04da3ba2 1084 curl-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 574d70774bb9729df7b4c82d622756e747068f44 134828 curl_7.47.0-1ubuntu2.11_armhf.deb 7d043d0d8c1702d57140d059f453fd17f3cac2a8 3425506 libcurl3-dbg_7.47.0-1ubuntu2.11_armhf.deb b4ab90a680927d9e44d0e912bf3358097d0ee9f0 1206 libcurl3-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb ecded72ef4450efb4a3f1eeff59390f5fec75775 1210 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 0cd912dfcdcbc5d334b05f154cfb081f644c47e2 159922 libcurl3-gnutls_7.47.0-1ubuntu2.11_armhf.deb 6fb9a929960d320757e33a8ab748f15c52593c5b 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb fea5643c2b92f84d695f38b12fe6167bb46d66c7 165756 libcurl3-nss_7.47.0-1ubuntu2.11_armhf.deb aa77a430aaa0e120fa3ab7ba3e5f3d5a0b3d4985 162456 libcurl3_7.47.0-1ubuntu2.11_armhf.deb fd5afbf55a965661853b7dda1218680354d1ff5c 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 3b12193e08e8e288f7b44d520cb2250c1b2f3f2d 238596 libcurl4-gnutls-dev_7.47.0-1ubuntu2.11_armhf.deb 22d2c9c7443b2045d59522b1dd36850d5f550690 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 64e505c63db73f906f7ae2f056295a568fca4cea 244978 libcurl4-nss-dev_7.47.0-1ubuntu2.11_armhf.deb e8d69dd8e731cf199dafde01752f5344cdb2e378 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 82e5b72de647016d794df849ac03aa7b53ec08c3 240708 libcurl4-openssl-dev_7.47.0-1ubuntu2.11_armhf.deb Checksums-Sha256: f29cc0febe7dd0776ffa00b5506f29bb4c50c2180399dc5d03478bb2d862ca2e 1084 curl-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 81ab44eaa581446ce0021d06b8d25750a3258ef445b1e53f7bff684c4781f534 134828 curl_7.47.0-1ubuntu2.11_armhf.deb 364b3e0aa6561ff2316f411018b5cb899b23663845e9d50473c41e142f6a1f65 3425506 libcurl3-dbg_7.47.0-1ubuntu2.11_armhf.deb 5f1b5a8be36660bd159e2e6ef4c6ce65d6c12958ca0aec183eb0a8bebe27a733 1206 libcurl3-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb b3fca45e0c6ac9596bf2bbc836908ac8e136e2d530b67491c2248bb2b4efbb0e 1210 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 193eaa382ed8977e921576e7e39909c08127192e848c8f6c54702f5080e3dec6 159922 libcurl3-gnutls_7.47.0-1ubuntu2.11_armhf.deb 97eda0898d49483b443c2a2e57e233400fa15df0bfdb82b026dad14a32495698 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb ad2b8f8c9023bc4e8d52bdcca06adb6aee1de13ed75f9adca1e0d8634a816c8a 165756 libcurl3-nss_7.47.0-1ubuntu2.11_armhf.deb 37bfeb13bacf7aef6838d6218be91728d1ee6488cc4e6445ee4349e6fd17ac0e 162456 libcurl3_7.47.0-1ubuntu2.11_armhf.deb 59307f1d8400589ccd925290e5ca172ca30252996e9742254ba8a4093edce62f 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 84868b09531c0fb75806f64b47f879868907c7cb22ac0b218b2779a6f5238fcd 238596 libcurl4-gnutls-dev_7.47.0-1ubuntu2.11_armhf.deb 16321dbe43c2edc608f850bf9ba7749dc7bc6c322c8fe9f206c75c9ee32f91de 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 6cd2c4d7d22a9a53f3664215e25c008a0f762e79355745fd817fe9c72a4fc55a 244978 libcurl4-nss-dev_7.47.0-1ubuntu2.11_armhf.deb 44a04f771698a4e141c4a6cbb0176b03ba9bbaa3c1c18ead73566e2c2088c833 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 6f69307b4b5a93a66304805e7a4b84cff06f7c1bb830e5fdae676f1a6f0cbbbd 240708 libcurl4-openssl-dev_7.47.0-1ubuntu2.11_armhf.deb Files: cf5bcce047354e2ba19f4483ea67a321 1084 web extra curl-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb e0c191a93c2f90e4b98edbe0ea7e0458 134828 web optional curl_7.47.0-1ubuntu2.11_armhf.deb c5a2ffc4589996d45c03ae745866a126 3425506 debug extra libcurl3-dbg_7.47.0-1ubuntu2.11_armhf.deb 28ecab40d0ec63a193b1ae72038570b9 1206 libs extra libcurl3-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb d77eea3b9ea6c1234fd808d9c5287dc9 1210 libs extra libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 9fe68170fc7b11a7fe1a6c3f60f5e5d5 159922 libs optional libcurl3-gnutls_7.47.0-1ubuntu2.11_armhf.deb 1c370c7b01e4e2e2b90dd84953a37c3c 1206 libs extra libcurl3-nss-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 843b910059bd16cc24d2eebf6efac04a 165756 libs optional libcurl3-nss_7.47.0-1ubuntu2.11_armhf.deb 5c6be644cf6eb63837add35c465f796c 162456 libs optional libcurl3_7.47.0-1ubuntu2.11_armhf.deb c8a2647291584dc5c6861be839e2cde7 1292 libdevel extra libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 7acd5d9b2b29b68e8edc9ccef5a163b6 238596 libdevel optional libcurl4-gnutls-dev_7.47.0-1ubuntu2.11_armhf.deb 5bad09da53c3d39e9af062782e247860 1288 libdevel extra libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb cac1c4038137c33aea0ca8c6bbad5a29 244978 libdevel optional libcurl4-nss-dev_7.47.0-1ubuntu2.11_armhf.deb 9aa3ea33675a77f022bf0543d9beac0e 1292 libdevel extra libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.11_armhf.ddeb 8c3e8eca5efd7c35f4c0cd8934fae988 240708 libdevel optional libcurl4-openssl-dev_7.47.0-1ubuntu2.11_armhf.deb Original-Maintainer: Alessandro Ghedini