Format: 1.8 Date: Fri, 10 Sep 2021 10:29:24 -0400 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: i386 Version: 7.58.0-2ubuntu3.15 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.58.0-2ubuntu3.15) bionic-security; urgency=medium . * SECURITY UPDATE: Protocol downgrade required TLS bypassed - debian/patches/CVE-2021-22946-pre1.patch: separate FTPS from FTP over HTTPS proxy in lib/ftp.c, lib/urldata.h. - debian/patches/CVE-2021-22946.patch: do not ignore --ssl-reqd in lib/ftp.c, lib/imap.c, lib/pop3.c, tests/data/Makefile.inc, tests/data/test984, tests/data/test985, tests/data/test986. - CVE-2021-22946 * SECURITY UPDATE: STARTTLS protocol injection via MITM - debian/patches/CVE-2021-22947.patch: reject STARTTLS server response pipelining in lib/ftp.c, lib/imap.c, lib/pop3.c, lib/smtp.c, tests/data/Makefile.inc, tests/data/test980, tests/data/test981, tests/data/test982, tests/data/test983. - CVE-2021-22947 Checksums-Sha1: c97af9c43b892ea1472597dde3a655edc80dc11f 127992 curl-dbgsym_7.58.0-2ubuntu3.15_i386.ddeb 88c4d3bf6b4540df77254bb66822ff85b4e1451a 11718 curl_7.58.0-2ubuntu3.15_i386.buildinfo 4d9e1b07b8117fd902553a935214edfcb48cf34c 162184 curl_7.58.0-2ubuntu3.15_i386.deb b7a523d1510179893c62c3b03f186465ef4d8eab 1179104 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.15_i386.ddeb b1aa228014e25f2e8cfddd63ac00093aafb84c1c 241892 libcurl3-gnutls_7.58.0-2ubuntu3.15_i386.deb 9a828e94ef9eb576c52b55976387ef91b16ab295 1198580 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.15_i386.ddeb f045a00312ca1a39c8d821c150c96f3d97b31f38 247692 libcurl3-nss_7.58.0-2ubuntu3.15_i386.deb 71a5184a58dca29240f3333874fce244a3c0c214 1196148 libcurl4-dbgsym_7.58.0-2ubuntu3.15_i386.ddeb fec422bb28de66f76a606fa3cc1d61d54a3a3d29 334308 libcurl4-gnutls-dev_7.58.0-2ubuntu3.15_i386.deb fd805ad99951b9d5454efc2ccade6d0f86d54a2e 340580 libcurl4-nss-dev_7.58.0-2ubuntu3.15_i386.deb 3060991bf0bcf32e9e5d4854d636b72804e53e56 336240 libcurl4-openssl-dev_7.58.0-2ubuntu3.15_i386.deb 7bb0f6387b1cec6855685e2090497cddcb234909 244720 libcurl4_7.58.0-2ubuntu3.15_i386.deb Checksums-Sha256: 944c91a15d64dd7027841598a2193436b29cd9f52fa167abbb529137e0f3c0fd 127992 curl-dbgsym_7.58.0-2ubuntu3.15_i386.ddeb b120472d2d551f0391370d71cf3d2c1b75528ab84bac3af624df89deb851248f 11718 curl_7.58.0-2ubuntu3.15_i386.buildinfo 479f58ee2acbfef7f710f4f83c7171a95f0040927237075fd98a1f5b3e778490 162184 curl_7.58.0-2ubuntu3.15_i386.deb b942414cfdc7a4583d9d6e265544a502a54fb74398262fcfe159267717fb4973 1179104 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.15_i386.ddeb a6bbbc004d8c47fefd8435fd209dce74f55f59d237d7330897265d031d85b1a1 241892 libcurl3-gnutls_7.58.0-2ubuntu3.15_i386.deb 9fb044fd45e37677dfa35cfa25e826184130a669949e69dc6b0736e1b201798e 1198580 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.15_i386.ddeb 4a9224b154b245aecc2ab668f4743e37470464e80e27ed128f1768ace6735cf0 247692 libcurl3-nss_7.58.0-2ubuntu3.15_i386.deb 6add4facd03059d1d1ed0ca90e8901abf36196c0b65379aa4255cb5dda108422 1196148 libcurl4-dbgsym_7.58.0-2ubuntu3.15_i386.ddeb 514fd131b5599f66a20783857af3d2f55b1b7e446ef5e67c070ab6a57c9890f3 334308 libcurl4-gnutls-dev_7.58.0-2ubuntu3.15_i386.deb 728a2c651f23af89abe24f02b644ecde2d91b6b0afc92ff1d81c2f5d1a101c03 340580 libcurl4-nss-dev_7.58.0-2ubuntu3.15_i386.deb eece22191f57f2360a3c7d4a00d4689fba8683775c9895cd56f09c655ba1030a 336240 libcurl4-openssl-dev_7.58.0-2ubuntu3.15_i386.deb a63dee94222520d7f4e621b2c1df451c1a4e213b159cb2ed4dd0e5afaee05774 244720 libcurl4_7.58.0-2ubuntu3.15_i386.deb Files: 3bc4fa5e20b2c3445cf1ec5e5d218943 127992 debug optional curl-dbgsym_7.58.0-2ubuntu3.15_i386.ddeb ee035fac4ea1630baaf1837d4d35655b 11718 web optional curl_7.58.0-2ubuntu3.15_i386.buildinfo a626df2f06b01330a355e1758f7d7647 162184 web optional curl_7.58.0-2ubuntu3.15_i386.deb 268eb97cc65bf0a07e5268f05a58d060 1179104 debug optional libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.15_i386.ddeb 2099cc6d96318b3bb691c23af1a58ba1 241892 libs optional libcurl3-gnutls_7.58.0-2ubuntu3.15_i386.deb a944ba920d935e39252b895422130935 1198580 debug optional libcurl3-nss-dbgsym_7.58.0-2ubuntu3.15_i386.ddeb b01ffb8dc1dc652ebdeeb13a7b54f0cb 247692 libs optional libcurl3-nss_7.58.0-2ubuntu3.15_i386.deb 22267cd41d3313e5b3adb63a6ee4d56e 1196148 debug optional libcurl4-dbgsym_7.58.0-2ubuntu3.15_i386.ddeb 4039a1693327779f623a9f5794abfebd 334308 libdevel optional libcurl4-gnutls-dev_7.58.0-2ubuntu3.15_i386.deb ef4b7e5da566f72b51618f57cbcd9b35 340580 libdevel optional libcurl4-nss-dev_7.58.0-2ubuntu3.15_i386.deb e5f1519ec20f8a5eadad3c7533d52289 336240 libdevel optional libcurl4-openssl-dev_7.58.0-2ubuntu3.15_i386.deb effa1aa0d4dc7b7291be744085762050 244720 libs optional libcurl4_7.58.0-2ubuntu3.15_i386.deb Original-Maintainer: Alessandro Ghedini