Format: 1.8 Date: Fri, 06 Sep 2019 14:57:21 +0930 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: amd64 all Version: 7.58.0-2ubuntu3.8 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Alex Murray Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.58.0-2ubuntu3.8) bionic-security; urgency=medium . * SECURITY UPDATE: double-free when using kerberos over FTP may cause denial-of-service - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid double-free on large memory allocation failures - CVE-2019-5481 * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may cause denial-of-service or remote code-execution - debian/patches/CVE-2019-5482.patch: ensure to use the correct block size when calling recvfrom() if the server returns an OACK without specifying a block size in lib/tftp.c - CVE-2019-5482 Checksums-Sha1: 843615ab544210751e7c1753d5f0d8bb0dfd546e 141848 curl-dbgsym_7.58.0-2ubuntu3.8_amd64.ddeb 886a2e0f73ae52f18a09f7edd3a206c76d1d7ab3 11926 curl_7.58.0-2ubuntu3.8_amd64.buildinfo 2946748081c0930f30cfbff93718db557b83fa96 159024 curl_7.58.0-2ubuntu3.8_amd64.deb a14625d04bf61b577531981a5422b8fa31fae145 1279392 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.8_amd64.ddeb fa12646e3a3db65bf90301e0bd210d04a9e55268 212512 libcurl3-gnutls_7.58.0-2ubuntu3.8_amd64.deb bd58556e5ac1ba7d3cac214c81c5bf2c1ab474b8 1310280 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.8_amd64.ddeb efe4a4949177239df8b778d014cdc03ab237f5c2 218720 libcurl3-nss_7.58.0-2ubuntu3.8_amd64.deb f09a0bc1c86b50d6841b2cb6a9a3d8cc7fc356a2 1286412 libcurl4-dbgsym_7.58.0-2ubuntu3.8_amd64.ddeb af56f88b1760df03e5d19596f850e81c72bc2ac3 834716 libcurl4-doc_7.58.0-2ubuntu3.8_all.deb 14723fd23b8058a107b2114deff2e41dbfd64426 293536 libcurl4-gnutls-dev_7.58.0-2ubuntu3.8_amd64.deb dfcfa64deb40ada1604082847d17d9a65457cd18 300076 libcurl4-nss-dev_7.58.0-2ubuntu3.8_amd64.deb 6713bc8883dccec7b64b91086c7ea5b2f50f7418 294472 libcurl4-openssl-dev_7.58.0-2ubuntu3.8_amd64.deb e87f609c1ba521a8a01006ceb6841744055294ed 214076 libcurl4_7.58.0-2ubuntu3.8_amd64.deb Checksums-Sha256: be074293cd3d003cd1ed0e6df2739c08a27b1bdb3f3ddfc2345349a60e9d8e11 141848 curl-dbgsym_7.58.0-2ubuntu3.8_amd64.ddeb b09b10e2c1e84580159cb2c9cc8252fd853ff27c9b773308ff960489622d6379 11926 curl_7.58.0-2ubuntu3.8_amd64.buildinfo 5a96bfaa603ec89e09c1cd4799f6bb7c6b242c06359216ee9943e93c354b3b3b 159024 curl_7.58.0-2ubuntu3.8_amd64.deb 60aadb58e87c0f7c47b7fb5c73f20c3ff790584e1bde4fe731ee3c627c3f77e7 1279392 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.8_amd64.ddeb abe38dc3449c388fbc10d03d056ec2dcf6707dd5ce3e11cc228165bfe22c0560 212512 libcurl3-gnutls_7.58.0-2ubuntu3.8_amd64.deb 0e1282c14081c5466cf0eb61b995340477144e7ad5b0322e2fdc539c7174f963 1310280 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.8_amd64.ddeb d6ac3163a5587587bd80810f2259f59cdd2e3b65584649cd86d981bb1efbcc6b 218720 libcurl3-nss_7.58.0-2ubuntu3.8_amd64.deb c13050e5af9a793681e13f6229a58deb9a1b711f673938e06f5b396ece7755c7 1286412 libcurl4-dbgsym_7.58.0-2ubuntu3.8_amd64.ddeb e34ccae72cecb2ef7913b5203e969a18512d9d32ec149900712bc369bc6b7eb6 834716 libcurl4-doc_7.58.0-2ubuntu3.8_all.deb 59b445e4bd7d21a2a07704ee1e4f54f16489815be194f7402e2376c6a70c15c4 293536 libcurl4-gnutls-dev_7.58.0-2ubuntu3.8_amd64.deb 8534ddf2169990dbbe1c1951cba2dc0f762fccef0a5976a6d7b77dfdb47ed62a 300076 libcurl4-nss-dev_7.58.0-2ubuntu3.8_amd64.deb c94658455ef1527ad75203a940579cbfa04fe9de44f6cc64fbcfe0590d07e61c 294472 libcurl4-openssl-dev_7.58.0-2ubuntu3.8_amd64.deb 185a3d7f5c6dfc747f5bb919ee3a68b30af6e8a42581115fffabd8d9ef744ea7 214076 libcurl4_7.58.0-2ubuntu3.8_amd64.deb Files: 9a063e1da93ee9558a584cfc6483bc0f 141848 debug optional curl-dbgsym_7.58.0-2ubuntu3.8_amd64.ddeb 7fc2b8c7d50922ef7a4c46e14468b5a0 11926 web optional curl_7.58.0-2ubuntu3.8_amd64.buildinfo cdfcd15dae9b6727c93be96ea600803f 159024 web optional curl_7.58.0-2ubuntu3.8_amd64.deb 3c8ff8e6c1af4ad6540046099be5e05e 1279392 debug optional libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.8_amd64.ddeb 4d0030e5c8941661e256c181914a4a37 212512 libs optional libcurl3-gnutls_7.58.0-2ubuntu3.8_amd64.deb 7a24436f1ebbf5d994f85cd90d70b2a0 1310280 debug optional libcurl3-nss-dbgsym_7.58.0-2ubuntu3.8_amd64.ddeb 914f443b564b767d63cf1db2f6d4e88b 218720 libs optional libcurl3-nss_7.58.0-2ubuntu3.8_amd64.deb 30809e74c8c55f28d0fca3602236719f 1286412 debug optional libcurl4-dbgsym_7.58.0-2ubuntu3.8_amd64.ddeb e94dccef32acc79a6971d59223ca29da 834716 doc optional libcurl4-doc_7.58.0-2ubuntu3.8_all.deb f49e1557d3a42407d784ae7562fbcb1a 293536 libdevel optional libcurl4-gnutls-dev_7.58.0-2ubuntu3.8_amd64.deb 3997bb6b380c4b0c506ee646a142c25c 300076 libdevel optional libcurl4-nss-dev_7.58.0-2ubuntu3.8_amd64.deb 41ba2aa780afe9233fa92b16aad6bac0 294472 libdevel optional libcurl4-openssl-dev_7.58.0-2ubuntu3.8_amd64.deb 353281d608ac6475ed579d015e59712e 214076 libs optional libcurl4_7.58.0-2ubuntu3.8_amd64.deb Original-Maintainer: Alessandro Ghedini