Format: 1.8 Date: Fri, 06 Sep 2019 14:50:00 +0930 Source: curl Binary: curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-doc libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: amd64 all Version: 7.64.0-2ubuntu1.2 Distribution: disco Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Alex Murray Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.64.0-2ubuntu1.2) disco-security; urgency=medium . * SECURITY UPDATE: double-free when using kerberos over FTP may cause denial-of-service - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid double-free on large memory allocation failures - CVE-2019-5481 * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may cause denial-of-service or remote code-execution - debian/patches/CVE-2019-5482.patch: ensure to use the correct block size when calling recvfrom() if the server returns an OACK without specifying a block size in lib/tftp.c - CVE-2019-5482 Checksums-Sha1: 1241a7109a209bd5b2660ff99c02ab61bcfe68f2 118700 curl-dbgsym_7.64.0-2ubuntu1.2_amd64.ddeb d2d19c677384291ee7cf453c58485f82cf9eebcd 11294 curl_7.64.0-2ubuntu1.2_amd64.buildinfo ae5a3e5527c02c6948e435c2b608ff3dc9c10c5d 165916 curl_7.64.0-2ubuntu1.2_amd64.deb e7b12db93b641fa54be6d6f5a917224bbfc6477b 726060 libcurl3-gnutls-dbgsym_7.64.0-2ubuntu1.2_amd64.ddeb e2bac1902cb88415cb2419566498a8083b83f477 230612 libcurl3-gnutls_7.64.0-2ubuntu1.2_amd64.deb bce923131dfae63133c2a68ff13e004287a92b0b 764568 libcurl3-nss-dbgsym_7.64.0-2ubuntu1.2_amd64.ddeb 29a7e559284c8269323e50a58fa9c92fef4352f9 237192 libcurl3-nss_7.64.0-2ubuntu1.2_amd64.deb 3b6bd28172dbc9caf2b4929be9bba11624809b35 743216 libcurl4-dbgsym_7.64.0-2ubuntu1.2_amd64.ddeb 4f11eb5eb88c0259873b982ede1492ad8b72f334 900764 libcurl4-doc_7.64.0-2ubuntu1.2_all.deb 1932b1f0841adce489ba274892d74403fcd866bd 315712 libcurl4-gnutls-dev_7.64.0-2ubuntu1.2_amd64.deb 94ba2e324e54005904099675933fd805c0555f31 322412 libcurl4-nss-dev_7.64.0-2ubuntu1.2_amd64.deb 9c3b79b7f8e8d0833d7a98564648f24dd699bd73 318036 libcurl4-openssl-dev_7.64.0-2ubuntu1.2_amd64.deb 79b546f3634b14ff37ab5968bab799c5007d53cc 232568 libcurl4_7.64.0-2ubuntu1.2_amd64.deb Checksums-Sha256: 4565350a119ed14f6a51b18b2118cde78217a10947609bc2bda1886054f6ce1f 118700 curl-dbgsym_7.64.0-2ubuntu1.2_amd64.ddeb 17c132ea2c88e163c9fc7a4bf21f542847b5f6314c873ad496f12aadc3e2342e 11294 curl_7.64.0-2ubuntu1.2_amd64.buildinfo 859c7d99159aff18dd20eaf510b7ce1381cc643a2590c749e04de28be3ae77d0 165916 curl_7.64.0-2ubuntu1.2_amd64.deb 5163422c7f129b3e3a38989d200ba7c97d800834577befc672fa811383cf80eb 726060 libcurl3-gnutls-dbgsym_7.64.0-2ubuntu1.2_amd64.ddeb 236dee0c27d23b4b3d43c4fe6672de76eea62f3d3b9a6b19168690d564d4ebf3 230612 libcurl3-gnutls_7.64.0-2ubuntu1.2_amd64.deb e6199b2eb773ec25ccf8f46f873ba521093ea743fa5a5c256adec6e0753a0be0 764568 libcurl3-nss-dbgsym_7.64.0-2ubuntu1.2_amd64.ddeb 4104564d9fa364d19d71c9b6cacf6c8be25452e92942cd28ce4dc94886358649 237192 libcurl3-nss_7.64.0-2ubuntu1.2_amd64.deb b0a919d89abcbeecf5b2fe433b3e11240ca590efa045904eae3e1900fcbc3d14 743216 libcurl4-dbgsym_7.64.0-2ubuntu1.2_amd64.ddeb c8aba60e73dd71f3435c08cdbd3fca71ae5a11402a80f998c856498ee683f50c 900764 libcurl4-doc_7.64.0-2ubuntu1.2_all.deb 9bd70a918d6d7040e0f96e824cdbfac752bcb22fd2f27d99e32729f2ac495174 315712 libcurl4-gnutls-dev_7.64.0-2ubuntu1.2_amd64.deb 2483fb57915d9f99f59012d3a13dc916237c80354e5e33d9130ccd611a909807 322412 libcurl4-nss-dev_7.64.0-2ubuntu1.2_amd64.deb d7bd2b80c01890c5db3a7e725dcde821ca4f99e4d9eef29886bc1396d8702ce1 318036 libcurl4-openssl-dev_7.64.0-2ubuntu1.2_amd64.deb 934b610039be51aeb8a50d5491d1adb5f8546e6dfb0792b33593a76acb3b964b 232568 libcurl4_7.64.0-2ubuntu1.2_amd64.deb Files: a415242b82626fc7cf54317692236c96 118700 debug optional curl-dbgsym_7.64.0-2ubuntu1.2_amd64.ddeb 46742e3586563641a65b367b8573fb36 11294 web optional curl_7.64.0-2ubuntu1.2_amd64.buildinfo 9ca4a5eb371ba9506ef89b452bf455e7 165916 web optional curl_7.64.0-2ubuntu1.2_amd64.deb bd8d10756ad6153567a0fd76126d56fb 726060 debug optional libcurl3-gnutls-dbgsym_7.64.0-2ubuntu1.2_amd64.ddeb 469414a19c95642ded8ba352a6de85a6 230612 libs optional libcurl3-gnutls_7.64.0-2ubuntu1.2_amd64.deb bf3f2efbced0d557c82a50a646f9e1f0 764568 debug optional libcurl3-nss-dbgsym_7.64.0-2ubuntu1.2_amd64.ddeb c8c184fc53fc81bb14046433cd82b12f 237192 libs optional libcurl3-nss_7.64.0-2ubuntu1.2_amd64.deb 4f871031f775b1798f0fd18d641503f7 743216 debug optional libcurl4-dbgsym_7.64.0-2ubuntu1.2_amd64.ddeb ba89e4c60fbaaacdd2396491530f30bf 900764 doc optional libcurl4-doc_7.64.0-2ubuntu1.2_all.deb 466b0f96e7b1d3fe77a89105cb45e415 315712 libdevel optional libcurl4-gnutls-dev_7.64.0-2ubuntu1.2_amd64.deb 860eb60c513153f63476d5f9a36b7c22 322412 libdevel optional libcurl4-nss-dev_7.64.0-2ubuntu1.2_amd64.deb a866d522ab5b40a899e8f75ad86aeafc 318036 libdevel optional libcurl4-openssl-dev_7.64.0-2ubuntu1.2_amd64.deb c03a8bf19f0d990cbe348c567fe3ac6c 232568 libs optional libcurl4_7.64.0-2ubuntu1.2_amd64.deb Original-Maintainer: Alessandro Ghedini