Format: 1.8 Date: Fri, 06 Sep 2019 14:50:00 +0930 Source: curl Binary: curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: i386 Version: 7.64.0-2ubuntu1.2 Distribution: disco Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Alex Murray Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.64.0-2ubuntu1.2) disco-security; urgency=medium . * SECURITY UPDATE: double-free when using kerberos over FTP may cause denial-of-service - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid double-free on large memory allocation failures - CVE-2019-5481 * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may cause denial-of-service or remote code-execution - debian/patches/CVE-2019-5482.patch: ensure to use the correct block size when calling recvfrom() if the server returns an OACK without specifying a block size in lib/tftp.c - CVE-2019-5482 Checksums-Sha1: 2034676f9585a52860dcb2e84cb3864a7c3eb8f4 107004 curl-dbgsym_7.64.0-2ubuntu1.2_i386.ddeb fdb45cef6d91471569e35c866a5a6cd22db7f7e1 10901 curl_7.64.0-2ubuntu1.2_i386.buildinfo a011652c08f42e0c671b0fc7287fabaa1b513165 169168 curl_7.64.0-2ubuntu1.2_i386.deb 0a1fd8f195e4978f0b8c336add7480111a8f2e2d 649092 libcurl3-gnutls-dbgsym_7.64.0-2ubuntu1.2_i386.ddeb 1959e7f3518f680b17fd771313a541e91795ed59 256120 libcurl3-gnutls_7.64.0-2ubuntu1.2_i386.deb 2220b31a7634545ec35703060efc89144f1c489e 685692 libcurl3-nss-dbgsym_7.64.0-2ubuntu1.2_i386.ddeb 075cc53466de6e0ada143583f29045d00db5c1dc 262372 libcurl3-nss_7.64.0-2ubuntu1.2_i386.deb 525d9c01993db41a9f9ea1d445b2da7f42d914d2 666740 libcurl4-dbgsym_7.64.0-2ubuntu1.2_i386.ddeb d8541cbf94412091768c7b7cfad42e6e91e1ec98 351172 libcurl4-gnutls-dev_7.64.0-2ubuntu1.2_i386.deb a66128584d4a375aaa031d1aab585d530848e842 357904 libcurl4-nss-dev_7.64.0-2ubuntu1.2_i386.deb b5e37e24b3d374935a9acb5ce4e1ac9ef6c5a27e 353964 libcurl4-openssl-dev_7.64.0-2ubuntu1.2_i386.deb 2cd2f6f8432c6784cbe0846a5b291e48ded027a8 259108 libcurl4_7.64.0-2ubuntu1.2_i386.deb Checksums-Sha256: 05f5c123e4b47296553db35bc143f8b9f634a01caf60c6b941a35feae6678a96 107004 curl-dbgsym_7.64.0-2ubuntu1.2_i386.ddeb 2a1b322142fa20932dca6b12e76246695ee822d85bd497062eb2a63606bf63de 10901 curl_7.64.0-2ubuntu1.2_i386.buildinfo d640b2f210b2c5ff4ac08c951a30aa535632b1ca754a4c7d7b59aed71c72431c 169168 curl_7.64.0-2ubuntu1.2_i386.deb 2dafa01df361a8277f169c0aa25cdda92d776280cfe87bbeca2a71bcca7a461c 649092 libcurl3-gnutls-dbgsym_7.64.0-2ubuntu1.2_i386.ddeb 4761de20deee76b7a6535775b546ba69f8b08af38ce6993ca0bb3f0f3279f491 256120 libcurl3-gnutls_7.64.0-2ubuntu1.2_i386.deb 3cd85b0df70934e1e4f5c52a32c88675c83f0a5357f36dc63f1dc3ffa18ed191 685692 libcurl3-nss-dbgsym_7.64.0-2ubuntu1.2_i386.ddeb df23ad4931fb5f4b020197b54d8ddf106c7b5a402a21c1270f2c535dc28788f3 262372 libcurl3-nss_7.64.0-2ubuntu1.2_i386.deb 3b77c9f5da226bfa3fd7e2e22496df32806fbed7b95598dab9606994137d35d2 666740 libcurl4-dbgsym_7.64.0-2ubuntu1.2_i386.ddeb be98266b7cb6566c03e8d63af18835d61149cd0a59219f51de2071dbb91ddc44 351172 libcurl4-gnutls-dev_7.64.0-2ubuntu1.2_i386.deb c019313b3b3d13af763a63f42b1e6cf722a47f8a6e5d87d6449ab5bc3d976f5f 357904 libcurl4-nss-dev_7.64.0-2ubuntu1.2_i386.deb 4d53c03571e1febae1216902cc157a81fde251ea07bea94e8ccc854487570e3a 353964 libcurl4-openssl-dev_7.64.0-2ubuntu1.2_i386.deb d535c1a565bb07f6f280721d6e9bdc376191dbf4e8471e7f5b4aa639e32975bc 259108 libcurl4_7.64.0-2ubuntu1.2_i386.deb Files: 8841ab6a381d5987443be0aa9a199570 107004 debug optional curl-dbgsym_7.64.0-2ubuntu1.2_i386.ddeb 903853d83dae1574cadf5919f1069432 10901 web optional curl_7.64.0-2ubuntu1.2_i386.buildinfo db3b494454833d36b18475f5b5188491 169168 web optional curl_7.64.0-2ubuntu1.2_i386.deb 67af77b5b900625feaf4e89bf077dfc4 649092 debug optional libcurl3-gnutls-dbgsym_7.64.0-2ubuntu1.2_i386.ddeb 8cffa706583278b95f320d2086b9d5fe 256120 libs optional libcurl3-gnutls_7.64.0-2ubuntu1.2_i386.deb fcd5faa5eaa678e243a4c1771b635f2e 685692 debug optional libcurl3-nss-dbgsym_7.64.0-2ubuntu1.2_i386.ddeb a8a1a13f42df66d5ec08f85fa3717873 262372 libs optional libcurl3-nss_7.64.0-2ubuntu1.2_i386.deb b4af9788f92eee11da04fcba813f9132 666740 debug optional libcurl4-dbgsym_7.64.0-2ubuntu1.2_i386.ddeb 124740ebd7baa4d651a8d7539c6f0b2b 351172 libdevel optional libcurl4-gnutls-dev_7.64.0-2ubuntu1.2_i386.deb 07312d9e839b256b258dd1cc95616319 357904 libdevel optional libcurl4-nss-dev_7.64.0-2ubuntu1.2_i386.deb 726ff24fc21bb32bb2afb5ef754e7bb0 353964 libdevel optional libcurl4-openssl-dev_7.64.0-2ubuntu1.2_i386.deb 16304f1eb219be3a56a57a72d061b851 259108 libs optional libcurl4_7.64.0-2ubuntu1.2_i386.deb Original-Maintainer: Alessandro Ghedini