Format: 1.8 Date: Tue, 01 Dec 2020 13:01:10 -0500 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: i386 Version: 7.58.0-2ubuntu3.12 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.58.0-2ubuntu3.12) bionic-security; urgency=medium . * SECURITY UPDATE: FTP redirect to malicious host via PASV response - debian/patches/CVE-2020-8284.patch: use CURLOPT_FTP_SKIP_PASV_IP by default in lib/url.c, src/tool_cfgable.c, docs/*, tests/data/*. - CVE-2020-8284 * SECURITY UPDATE: FTP wildcard stack buffer overflow in libcurl - debian/patches/CVE-2020-8285.patch: make wc_statemach loop instead of recurse in lib/ftp.c. - CVE-2020-8285 * SECURITY UPDATE: Inferior OCSP verification - debian/patches/CVE-2020-8286.patch: make the OCSP verification verify the certificate id in lib/vtls/openssl.c. - CVE-2020-8286 Checksums-Sha1: 2deabbc0a29d3f9c10778a54ac4fc669c4dbb65f 128048 curl-dbgsym_7.58.0-2ubuntu3.12_i386.ddeb f27d3df3220d194ffd1bd4c10878f15584b83ea0 11639 curl_7.58.0-2ubuntu3.12_i386.buildinfo 91aced1e674068b6996a06f227754c0840a3b3da 162148 curl_7.58.0-2ubuntu3.12_i386.deb 1076f5303c2abe44fb43a53ea781d0422baad1e9 1157084 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.12_i386.ddeb 171bc62c1c63951a4e6f2e42ce1448fbd00dc67c 235800 libcurl3-gnutls_7.58.0-2ubuntu3.12_i386.deb 7ba6a3e5d1060669363dad1484f31452889307ea 1177464 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.12_i386.ddeb dcdfcf9d4f2ca81d2b960dcf454a1053f9fe804e 241872 libcurl3-nss_7.58.0-2ubuntu3.12_i386.deb df9ed59491d1be868cd6fcd7e560c3706b2e4053 1175680 libcurl4-dbgsym_7.58.0-2ubuntu3.12_i386.ddeb f92ef848528505be26a324848a18af183393a578 326540 libcurl4-gnutls-dev_7.58.0-2ubuntu3.12_i386.deb 4a4deffd6c51331647c4a7d62d15f4e772bf98bd 333080 libcurl4-nss-dev_7.58.0-2ubuntu3.12_i386.deb 7f45ce1c48dbb5090e20a5bf2c012e858c87560f 328748 libcurl4-openssl-dev_7.58.0-2ubuntu3.12_i386.deb 270261d8e764d69bf969404a3f6c780aec6975ed 238704 libcurl4_7.58.0-2ubuntu3.12_i386.deb Checksums-Sha256: e7c9f733f76cdc0ac9e725a3e4d892817b38d7165e86416772a1a14dbda44e22 128048 curl-dbgsym_7.58.0-2ubuntu3.12_i386.ddeb ba77b4c9a5abe6334e7e2665e3e6c5bf1fe69fd8dc66d663748f757d269efdb6 11639 curl_7.58.0-2ubuntu3.12_i386.buildinfo 3ba3c8ed1ad2ec4e7f7c0368f5db93145e353f8b04b2f03a9f1bda80417988d9 162148 curl_7.58.0-2ubuntu3.12_i386.deb 84a172aa38c2e109033a324ae040a798c2b6fda9e7f91a33ff03f20ef8deccf2 1157084 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.12_i386.ddeb ea6e20ba60cc85f34b3fab8075b1fa066d3265658cce58944eb47014041e860c 235800 libcurl3-gnutls_7.58.0-2ubuntu3.12_i386.deb 4fae0f03e919e1d0690789eaa683a506e764f9460ca48e1a387de67610fc7ff9 1177464 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.12_i386.ddeb 7d6abb4310baf1fbcab4d0001afd8e8133cb1d8643935c1a1d8d1b67e856c707 241872 libcurl3-nss_7.58.0-2ubuntu3.12_i386.deb 73a592be7531a5d8b2b0f3e95c546d577d0cc8eacf4f6cdc81aaa7312d32e229 1175680 libcurl4-dbgsym_7.58.0-2ubuntu3.12_i386.ddeb dce5dabea5270d1ed6350b04366e3178f5d744246b10dec1c9a7f0933da65317 326540 libcurl4-gnutls-dev_7.58.0-2ubuntu3.12_i386.deb 958a04a5400ac5e1abe1568b3dd769683e97c6ce28d0e0f556f896836404daa0 333080 libcurl4-nss-dev_7.58.0-2ubuntu3.12_i386.deb bec8ec951361bf424ce112a72022b80f8cb209aafeed3e00e36b7f39b962769d 328748 libcurl4-openssl-dev_7.58.0-2ubuntu3.12_i386.deb 9071799b842ba5e2d6a551db3af3dc88f3c8b06f1088a41c4be0832784398958 238704 libcurl4_7.58.0-2ubuntu3.12_i386.deb Files: 6eb9905f596f11aa8c06bf4b97c43693 128048 debug optional curl-dbgsym_7.58.0-2ubuntu3.12_i386.ddeb 3435bb540dea684714b660c8a488d9a5 11639 web optional curl_7.58.0-2ubuntu3.12_i386.buildinfo e7c05cfc9dd9b7f71109549a2518ba4b 162148 web optional curl_7.58.0-2ubuntu3.12_i386.deb e5829f64c8be23c1c2b57012e634b59a 1157084 debug optional libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.12_i386.ddeb eeade9bdabf73f4bbe27291a72e21e68 235800 libs optional libcurl3-gnutls_7.58.0-2ubuntu3.12_i386.deb b64cef68ea52705a98915ea238b886e4 1177464 debug optional libcurl3-nss-dbgsym_7.58.0-2ubuntu3.12_i386.ddeb c3d2d9e8a1e45e893f2f2d0cee3fc4f2 241872 libs optional libcurl3-nss_7.58.0-2ubuntu3.12_i386.deb 0a55dce207289c82b9736346fb5efd36 1175680 debug optional libcurl4-dbgsym_7.58.0-2ubuntu3.12_i386.ddeb 3b5dbdded5437e3ca72c1d879855a72c 326540 libdevel optional libcurl4-gnutls-dev_7.58.0-2ubuntu3.12_i386.deb 30d790ee37929963905a932744fb038a 333080 libdevel optional libcurl4-nss-dev_7.58.0-2ubuntu3.12_i386.deb c63b48b60de190c3d8c53f0067e87f25 328748 libdevel optional libcurl4-openssl-dev_7.58.0-2ubuntu3.12_i386.deb 61ca5b1c734f3f6f975f40ad6c05ed47 238704 libs optional libcurl4_7.58.0-2ubuntu3.12_i386.deb Original-Maintainer: Alessandro Ghedini