Format: 1.8 Date: Wed, 26 Oct 2022 06:47:08 -0400 Source: curl Binary: curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-doc libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Built-For-Profiles: noudeb Architecture: amd64 all Version: 7.85.0-1ubuntu0.1 Distribution: kinetic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.85.0-1ubuntu0.1) kinetic-security; urgency=medium . * SECURITY UPDATE: POST following PUT confusion - debian/patches/CVE-2022-32221.patch: when POST is set, reset the 'upload' field in lib/setopt.c. - CVE-2022-32221 * SECURITY UPDATE: .netrc parser out-of-bounds access - debian/patches/CVE-2022-35260.patch: replace fgets with Curl_get_line in lib/curl_get_line.c, lib/netrc.c. - CVE-2022-35260 * SECURITY UPDATE: HTTP proxy double-free - debian/patches/CVE-2022-42915.patch: restore the protocol pointer on error in lib/http_proxy.c, lib/url.c. - CVE-2022-42915 * SECURITY UPDATE: HSTS bypass via IDN - debian/patches/CVE-2022-42916.patch: use IDN decoded names for HSTS checks in lib/url.c. - CVE-2022-42916 Checksums-Sha1: c207fc290a7fe7c6c34ce293a10deaa44443a725 162164 curl-dbgsym_7.85.0-1ubuntu0.1_amd64.ddeb 27879a666da85e88794daa88bf90c4d5eb136a49 12938 curl_7.85.0-1ubuntu0.1_amd64.buildinfo b39dfbf7aa2591062bee599533feaafa38a508cc 199200 curl_7.85.0-1ubuntu0.1_amd64.deb 26160400b9150240d9c28f60276e2e3fa5b86a02 1015406 libcurl3-gnutls-dbgsym_7.85.0-1ubuntu0.1_amd64.ddeb ce1a3ec4189bd252222eb1a6a3704b8da9514858 288088 libcurl3-gnutls_7.85.0-1ubuntu0.1_amd64.deb 13bcd85695cac87dafd7db52b10756a6cb8bdcb0 1060886 libcurl3-nss-dbgsym_7.85.0-1ubuntu0.1_amd64.ddeb af7a4f7efa077652ca2d861469085ad287633dce 295706 libcurl3-nss_7.85.0-1ubuntu0.1_amd64.deb 95540c77fa49d54a8fbcc18f6ed474709f4d1be1 1041644 libcurl4-dbgsym_7.85.0-1ubuntu0.1_amd64.ddeb a5089c8f854c4985cd1ed204e0b077c9af5bd268 966806 libcurl4-doc_7.85.0-1ubuntu0.1_all.deb 6cf16217fdeccb7283e82131c4edcfc8b6eda27b 386582 libcurl4-gnutls-dev_7.85.0-1ubuntu0.1_amd64.deb 2ee11ba5432cf9f0d9c5dff3bb9472db4612e8b4 395802 libcurl4-nss-dev_7.85.0-1ubuntu0.1_amd64.deb 78ae4dadfeb8f3c8dbfc8641324505c93c23ca96 392810 libcurl4-openssl-dev_7.85.0-1ubuntu0.1_amd64.deb b6dd2aedfcff21487aedbe71e389c2a8672314df 293358 libcurl4_7.85.0-1ubuntu0.1_amd64.deb Checksums-Sha256: b8c23966879fbe9d20087e682a6296b964338dcd4de38ef45c8ae28fdc50b51f 162164 curl-dbgsym_7.85.0-1ubuntu0.1_amd64.ddeb 8eb7226f62dc529b03ec188a388b87bd195845725c0b23a91e656cdf6d46bfa1 12938 curl_7.85.0-1ubuntu0.1_amd64.buildinfo 4b99aa220d5573a7b9c7bd91a9d46ea74d7c0d3a1717c45a25f237662951e17d 199200 curl_7.85.0-1ubuntu0.1_amd64.deb b3ffe3270b62af81cff2968cfff1cdc0a924748d7cf474f072198c9b618ad803 1015406 libcurl3-gnutls-dbgsym_7.85.0-1ubuntu0.1_amd64.ddeb 5fb1eb5dbe549ed9d807be473be52262896f0ff74a14b61af3a123db265cc2cc 288088 libcurl3-gnutls_7.85.0-1ubuntu0.1_amd64.deb c8d4eb24d209d1cb1dbcd339971b0f01341036fa0107d1fb9454186aa4210767 1060886 libcurl3-nss-dbgsym_7.85.0-1ubuntu0.1_amd64.ddeb f8b544f4156f3cfa24ecfadc6f090b1855d84adfaf3055947a30978e41331b9d 295706 libcurl3-nss_7.85.0-1ubuntu0.1_amd64.deb 15e9ee315cc012c7f5fc1e3d405b3fb0ec64d0b790f6daec6fdcd8ca4f4b06ad 1041644 libcurl4-dbgsym_7.85.0-1ubuntu0.1_amd64.ddeb 761a28ebcfc0854f780a8dae5e841263323d8818e61212f88bf233e84d1f61a3 966806 libcurl4-doc_7.85.0-1ubuntu0.1_all.deb 65f2ed135f9a31f4a87951c154fc4a72858c9c3ef293aac9cb8e9d01161a9272 386582 libcurl4-gnutls-dev_7.85.0-1ubuntu0.1_amd64.deb 06c20ce749dca48890e9eb29581d0108eff63e50de5290685e27fdf3cd0e1031 395802 libcurl4-nss-dev_7.85.0-1ubuntu0.1_amd64.deb 793505a469d1d30524c143d78f482779ada8578655bf4c2b85a65e4316169f16 392810 libcurl4-openssl-dev_7.85.0-1ubuntu0.1_amd64.deb d6588f3d81e386795aa6285682d7af12a15320591fded8257b0e21a81eb90694 293358 libcurl4_7.85.0-1ubuntu0.1_amd64.deb Files: 295e1afdf122332cf0e5beeaa2d2b986 162164 debug optional curl-dbgsym_7.85.0-1ubuntu0.1_amd64.ddeb a5f0daadd3df4383ee7176b1286319ea 12938 web optional curl_7.85.0-1ubuntu0.1_amd64.buildinfo 2c4d4ddc4a6f3f7e25060cd4adf6004b 199200 web optional curl_7.85.0-1ubuntu0.1_amd64.deb 3bc2819bcc6a2aab82a9ed534003b5f2 1015406 debug optional libcurl3-gnutls-dbgsym_7.85.0-1ubuntu0.1_amd64.ddeb ad17d2fcb7761dff633c9d625a20bb97 288088 libs optional libcurl3-gnutls_7.85.0-1ubuntu0.1_amd64.deb 980d309137c0844eb8a5a4628e5ee793 1060886 debug optional libcurl3-nss-dbgsym_7.85.0-1ubuntu0.1_amd64.ddeb d78fcad136368d41c7c6afe8ecc2e199 295706 libs optional libcurl3-nss_7.85.0-1ubuntu0.1_amd64.deb af24898ead66d49d296348ce3f39d40e 1041644 debug optional libcurl4-dbgsym_7.85.0-1ubuntu0.1_amd64.ddeb 368331b24df7127ede38942abc974b0e 966806 doc optional libcurl4-doc_7.85.0-1ubuntu0.1_all.deb 1a403d555f7d213564767041be60d798 386582 libdevel optional libcurl4-gnutls-dev_7.85.0-1ubuntu0.1_amd64.deb a3a25d8ed51e84c3cd3b84c8efa46b71 395802 libdevel optional libcurl4-nss-dev_7.85.0-1ubuntu0.1_amd64.deb b5ca8cb04b625fdf14b1df0c598df50f 392810 libdevel optional libcurl4-openssl-dev_7.85.0-1ubuntu0.1_amd64.deb 40ce28d8dd4b233357a2100dfc9cc7ae 293358 libs optional libcurl4_7.85.0-1ubuntu0.1_amd64.deb Original-Maintainer: Alessandro Ghedini