Format: 1.8 Date: Fri, 10 Sep 2021 10:28:17 -0400 Source: curl Binary: curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: armhf Version: 7.68.0-1ubuntu2.7 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.68.0-1ubuntu2.7) focal-security; urgency=medium . * SECURITY UPDATE: Protocol downgrade required TLS bypassed - debian/patches/CVE-2021-22946-pre1.patch: separate FTPS from FTP over HTTPS proxy in lib/ftp.c, lib/urldata.h. - debian/patches/CVE-2021-22946.patch: do not ignore --ssl-reqd in lib/ftp.c, lib/imap.c, lib/pop3.c, tests/data/Makefile.inc, tests/data/test984, tests/data/test985, tests/data/test986. - CVE-2021-22946 * SECURITY UPDATE: STARTTLS protocol injection via MITM - debian/patches/CVE-2021-22947.patch: reject STARTTLS server response pipelining in lib/ftp.c, lib/imap.c, lib/pop3.c, lib/smtp.c, tests/data/Makefile.inc, tests/data/test980, tests/data/test981, tests/data/test982, tests/data/test983. - CVE-2021-22947 Checksums-Sha1: 3db6f4e2b541ae2a2a072d4ae5881f08e72c8ed1 134444 curl-dbgsym_7.68.0-1ubuntu2.7_armhf.ddeb 5eeb8dedc599110bec89d91afa2869c4444cda12 11587 curl_7.68.0-1ubuntu2.7_armhf.buildinfo 878d562238baf1e5674b03c68616780a06afa2c1 154432 curl_7.68.0-1ubuntu2.7_armhf.deb 0d736a4e24440ac6498213d436f583ec5ac6a3a3 730544 libcurl3-gnutls-dbgsym_7.68.0-1ubuntu2.7_armhf.ddeb 7b40efc0cbc328645e8268a6130d92c4179b66a2 201156 libcurl3-gnutls_7.68.0-1ubuntu2.7_armhf.deb 4726febbd1817bf7af98a8e7cc48c2853e984892 769364 libcurl3-nss-dbgsym_7.68.0-1ubuntu2.7_armhf.ddeb 7ab6c2b34192b245a372948bbd3177d60deddb25 207044 libcurl3-nss_7.68.0-1ubuntu2.7_armhf.deb 517a23c7e7f8b290a95e315a87072ee8a5ba8720 749072 libcurl4-dbgsym_7.68.0-1ubuntu2.7_armhf.ddeb 9af72d95fd996d495b89f15641fbf7f603c807bf 291076 libcurl4-gnutls-dev_7.68.0-1ubuntu2.7_armhf.deb 113741e79ba7bd257d141ea887b96f9b3589a654 297656 libcurl4-nss-dev_7.68.0-1ubuntu2.7_armhf.deb 4ec9f56079be64219f7019bfa784d040d3fe0f93 293248 libcurl4-openssl-dev_7.68.0-1ubuntu2.7_armhf.deb 6ffa6580f56083f19705082edefdb2e65f3e55ce 202888 libcurl4_7.68.0-1ubuntu2.7_armhf.deb Checksums-Sha256: f43f4e98e5eac550c43e29bb15bff431cd15171e9c8f80f685feaa93fd286f6f 134444 curl-dbgsym_7.68.0-1ubuntu2.7_armhf.ddeb a088d5dfba6324ae7abf8ee8526b1c90563687c0acb6222f241b5630050ed4e3 11587 curl_7.68.0-1ubuntu2.7_armhf.buildinfo 7e9a25681e434377395bc10273fef336343841906f4f4d55b515b6acd9dfa167 154432 curl_7.68.0-1ubuntu2.7_armhf.deb 5709ede22bcd786a9c3262a07819c93229fc12f6616e66773fd3925ad0322672 730544 libcurl3-gnutls-dbgsym_7.68.0-1ubuntu2.7_armhf.ddeb 32288fbc5431e1697366dc2461d827e087419dec02844b528e755d08f6e7759c 201156 libcurl3-gnutls_7.68.0-1ubuntu2.7_armhf.deb da86c8aed22213d48fb7f3e4c84fcca78259650009a9d677a5538980add99952 769364 libcurl3-nss-dbgsym_7.68.0-1ubuntu2.7_armhf.ddeb b230d8422f60c52c501c2e94bc6b5e7aca6b816f6675cb0c7d9ec0374f4744b1 207044 libcurl3-nss_7.68.0-1ubuntu2.7_armhf.deb 02404adca9fcbaabb0eeeb3d72c1ae705c72068258af9af610295ecba52825ce 749072 libcurl4-dbgsym_7.68.0-1ubuntu2.7_armhf.ddeb 48eba0e9ed097dd05a86754e8b45f2f7eeb53917866642997f764065e0c88e1f 291076 libcurl4-gnutls-dev_7.68.0-1ubuntu2.7_armhf.deb 923d58e484e1e16c1cad8c6452188bf3c4c6c2dcca57edf5c1ef3e0b70a8de94 297656 libcurl4-nss-dev_7.68.0-1ubuntu2.7_armhf.deb d6eee9e68dca7408a4da40382b2d373999e2ac8cc48f9d090a1b5876b434f85c 293248 libcurl4-openssl-dev_7.68.0-1ubuntu2.7_armhf.deb 7caa56ff2da3795edf80c79ef2ac92842345ab1da6202ef11ef0e957a273e3a0 202888 libcurl4_7.68.0-1ubuntu2.7_armhf.deb Files: 9b0b5d27d0a556d8113ec52f13aaeb82 134444 debug optional curl-dbgsym_7.68.0-1ubuntu2.7_armhf.ddeb b0246a26c9db40b0ee758de6bb2cd903 11587 web optional curl_7.68.0-1ubuntu2.7_armhf.buildinfo 29bc0678fbfbdd57c1af4832d03f626c 154432 web optional curl_7.68.0-1ubuntu2.7_armhf.deb ce82222041a81190e97eb7f5cdd6cb89 730544 debug optional libcurl3-gnutls-dbgsym_7.68.0-1ubuntu2.7_armhf.ddeb f52d4811de0c4ceeb00180600ce29446 201156 libs optional libcurl3-gnutls_7.68.0-1ubuntu2.7_armhf.deb 3ada761551fd437d6b0c400934fb0175 769364 debug optional libcurl3-nss-dbgsym_7.68.0-1ubuntu2.7_armhf.ddeb 4adf45d52570d03f626df40565031c60 207044 libs optional libcurl3-nss_7.68.0-1ubuntu2.7_armhf.deb c3efccfed9b9df0b1d1c53cffa71754d 749072 debug optional libcurl4-dbgsym_7.68.0-1ubuntu2.7_armhf.ddeb 970cd2dfd24b85afb56fcdaf23168453 291076 libdevel optional libcurl4-gnutls-dev_7.68.0-1ubuntu2.7_armhf.deb 2a9a3ccd70b51f953a250923a2217917 297656 libdevel optional libcurl4-nss-dev_7.68.0-1ubuntu2.7_armhf.deb 6d580058fe9911054b78875b76280690 293248 libdevel optional libcurl4-openssl-dev_7.68.0-1ubuntu2.7_armhf.deb 878c566490d91a2ceb78689d507c6e08 202888 libs optional libcurl4_7.68.0-1ubuntu2.7_armhf.deb Original-Maintainer: Alessandro Ghedini