Format: 1.8 Date: Fri, 06 Sep 2019 14:50:00 +0930 Source: curl Binary: curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: ppc64el Version: 7.64.0-2ubuntu1.2 Distribution: disco Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Alex Murray Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.64.0-2ubuntu1.2) disco-security; urgency=medium . * SECURITY UPDATE: double-free when using kerberos over FTP may cause denial-of-service - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid double-free on large memory allocation failures - CVE-2019-5481 * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may cause denial-of-service or remote code-execution - debian/patches/CVE-2019-5482.patch: ensure to use the correct block size when calling recvfrom() if the server returns an OACK without specifying a block size in lib/tftp.c - CVE-2019-5482 Checksums-Sha1: d8052b2dce257a3ff9ec5018070781560a326c25 122672 curl-dbgsym_7.64.0-2ubuntu1.2_ppc64el.ddeb 32122871473656225b302ac120a0d452f9efeb26 11056 curl_7.64.0-2ubuntu1.2_ppc64el.buildinfo 20952c3eceb96586859b7e30bfaf5dd1820e9071 170044 curl_7.64.0-2ubuntu1.2_ppc64el.deb 1f437069f9fbf268f7291b7ae651ea7369d3b05d 800028 libcurl3-gnutls-dbgsym_7.64.0-2ubuntu1.2_ppc64el.ddeb c5f046fc5c8a0f539fcadbbe6d0fe875b951a30a 261244 libcurl3-gnutls_7.64.0-2ubuntu1.2_ppc64el.deb b5791d2a0e49d8ecbc866a654e175bc19c186661 840644 libcurl3-nss-dbgsym_7.64.0-2ubuntu1.2_ppc64el.ddeb f0aa5a83730bc6b4c29ef130cf1a61f2abdf3d4c 268972 libcurl3-nss_7.64.0-2ubuntu1.2_ppc64el.deb bd2aaecc955cb383efaab43e4a74cda7d7ea1ed2 815240 libcurl4-dbgsym_7.64.0-2ubuntu1.2_ppc64el.ddeb d02f7dcfdd067d49da814f55bce2a96bc68b0430 363648 libcurl4-gnutls-dev_7.64.0-2ubuntu1.2_ppc64el.deb a8651fcda28bba4eba80eecba32a02f5a602c7f5 371320 libcurl4-nss-dev_7.64.0-2ubuntu1.2_ppc64el.deb 922d85ee13b969f074e352f28c2d492288137d98 362252 libcurl4-openssl-dev_7.64.0-2ubuntu1.2_ppc64el.deb 71bf23aa3a256fcb2d3cdf71a0f5574feb6ebed4 260604 libcurl4_7.64.0-2ubuntu1.2_ppc64el.deb Checksums-Sha256: 4809e43a22b1ccad144691aba3648449fbe2f0d0c563da9ac824652a43cb51d8 122672 curl-dbgsym_7.64.0-2ubuntu1.2_ppc64el.ddeb 1fecc27d1675098c19fbbed8ddecc25702f41b3be5a495d32c6afe689ce8148b 11056 curl_7.64.0-2ubuntu1.2_ppc64el.buildinfo 8148a9f40e6c763149d4bf72bf7da6f84639f9d0b17d4b1e352e366649466200 170044 curl_7.64.0-2ubuntu1.2_ppc64el.deb 5b4b0dfc768bc3a7c34d5433a91db86b883b03c16cdd714ae7ee437e8b4402fb 800028 libcurl3-gnutls-dbgsym_7.64.0-2ubuntu1.2_ppc64el.ddeb fe9e65197b36430fd317fd76cf9366fe2fe72084fe32f9ca2d64e140ed04ffd5 261244 libcurl3-gnutls_7.64.0-2ubuntu1.2_ppc64el.deb d76c623a6f3c7f71a37c341d6878e818b345177c5134fab036cd04406285cabf 840644 libcurl3-nss-dbgsym_7.64.0-2ubuntu1.2_ppc64el.ddeb 6c12adbf3dc28af56d109b8df535fd875ad74caa73a1c90caccdf84c44289cb2 268972 libcurl3-nss_7.64.0-2ubuntu1.2_ppc64el.deb ec354917db6a14d06d1525bd032734a78c17b9b3b240519308898aaef8da9711 815240 libcurl4-dbgsym_7.64.0-2ubuntu1.2_ppc64el.ddeb dee47dcee8f7b8766ae4094d9054087e05a4d76e92b2cd7c22ff169a01df13cb 363648 libcurl4-gnutls-dev_7.64.0-2ubuntu1.2_ppc64el.deb 43ce7a6869b5c287f21720ba3688d8cac14e30b7b5a5d10a94a28bc6b70e8f9b 371320 libcurl4-nss-dev_7.64.0-2ubuntu1.2_ppc64el.deb 1fc21179bd0a2cf85776dc229aa7e278bcc4a732ec8a705474829c93f7c9c4ec 362252 libcurl4-openssl-dev_7.64.0-2ubuntu1.2_ppc64el.deb 6025744394cc5e4b4f4f83d5779a273b9c6b67c375a1cdb78d48cce9e8b331c7 260604 libcurl4_7.64.0-2ubuntu1.2_ppc64el.deb Files: 5cca476d5618aa3036a46d22937b6933 122672 debug optional curl-dbgsym_7.64.0-2ubuntu1.2_ppc64el.ddeb 37c76710ed0d429d447dbf48ef05ff08 11056 web optional curl_7.64.0-2ubuntu1.2_ppc64el.buildinfo d77a49c6b2bb9291a08b46b5776f440c 170044 web optional curl_7.64.0-2ubuntu1.2_ppc64el.deb 1aab97854f9f58a7aa461f284ecc974c 800028 debug optional libcurl3-gnutls-dbgsym_7.64.0-2ubuntu1.2_ppc64el.ddeb ba087093128ee785ab4397e5c8ce02c0 261244 libs optional libcurl3-gnutls_7.64.0-2ubuntu1.2_ppc64el.deb 4c08994a6115de461dcf6f7f07f1736a 840644 debug optional libcurl3-nss-dbgsym_7.64.0-2ubuntu1.2_ppc64el.ddeb d234b10344437cd9c771bae9dbb18100 268972 libs optional libcurl3-nss_7.64.0-2ubuntu1.2_ppc64el.deb c23986460a8502d343ddb7aea5e9e96b 815240 debug optional libcurl4-dbgsym_7.64.0-2ubuntu1.2_ppc64el.ddeb 6e948476af8d34598a04c9dd20fc95ad 363648 libdevel optional libcurl4-gnutls-dev_7.64.0-2ubuntu1.2_ppc64el.deb bb64cbd21d63552f0ba1e42f11d1c9ff 371320 libdevel optional libcurl4-nss-dev_7.64.0-2ubuntu1.2_ppc64el.deb d05f3c1f97d332c72ecefa57e298fa1c 362252 libdevel optional libcurl4-openssl-dev_7.64.0-2ubuntu1.2_ppc64el.deb e55177243d128fa4ae01ef7eb523a905 260604 libs optional libcurl4_7.64.0-2ubuntu1.2_ppc64el.deb Original-Maintainer: Alessandro Ghedini