Format: 1.8 Date: Wed, 29 Apr 2015 09:09:44 -0400 Source: curl Binary: curl curl-udeb libcurl3 libcurl3-udeb libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: amd64 all Version: 7.38.0-3ubuntu2.2 Distribution: vivid Urgency: medium Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax curl-udeb - Get a file from an HTTP, HTTPS or FTP server (udeb) libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl3-udeb - Multi-protocol file transfer library (OpenSSL) (udeb) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.38.0-3ubuntu2.2) vivid-security; urgency=medium . * SECURITY UPDATE: NTLM connection reuse when unauthenticated - debian/patches/CVE-2015-3143.patch: require credentials to match in lib/url.c. - CVE-2015-3143 * SECURITY UPDATE: host name out of boundary memory access - debian/patches/CVE-2015-3144.patch: check for valid length in lib/url.c. - CVE-2015-3144 * SECURITY UPDATE: cookie parser out of boundary memory access - debian/patches/CVE-2015-3145.patch: properly handle a single double quote in lib/cookie.c. - CVE-2015-3145 * SECURITY UPDATE: negotiate not treated as connection-oriented - debian/patches/CVE-2015-3148.patch: close Negotiate connections when done in lib/http.c. - CVE-2015-3148 * SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c, tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c. - CVE-2015-3153 Checksums-Sha1: 6e951a991d835e31860c9204a466003903e13e98 129348 curl_7.38.0-3ubuntu2.2_amd64.deb faa68446a0e023de2296bc7839a083ab4a2a0352 1006 curl-udeb_7.38.0-3ubuntu2.2_amd64.udeb 50be68bb060cdfa537ba290efe9ddcb0ed3fc943 180246 libcurl3_7.38.0-3ubuntu2.2_amd64.deb 1c52a1e58a696276938445e73ee4571d27f45703 888 libcurl3-udeb_7.38.0-3ubuntu2.2_amd64.udeb ef39dd2f3e1562e656dbbf23a90c4adc50f41920 172134 libcurl3-gnutls_7.38.0-3ubuntu2.2_amd64.deb 04f1532a3f36aaf69121a7f0c355974d59ac2cd4 183948 libcurl3-nss_7.38.0-3ubuntu2.2_amd64.deb 39256c895350f56572b4b0c43d53044d8c9e16e9 252990 libcurl4-openssl-dev_7.38.0-3ubuntu2.2_amd64.deb 39929f71821cff93c6c621149424550a372c2e92 244418 libcurl4-gnutls-dev_7.38.0-3ubuntu2.2_amd64.deb d4ba7ddad92fa9a9c48ed8d21392f08d43470b00 257072 libcurl4-nss-dev_7.38.0-3ubuntu2.2_amd64.deb bd728a8ef73aeeb426a8d17e5d49d1245a8e36b7 3093110 libcurl3-dbg_7.38.0-3ubuntu2.2_amd64.deb a47d58f45afbe8f6608a9e397ac33dc26fde40b9 997300 libcurl4-doc_7.38.0-3ubuntu2.2_all.deb Checksums-Sha256: ad6c412f683719569120d62cafe89288870f9310cb3400ffca7cdcdde5e44469 129348 curl_7.38.0-3ubuntu2.2_amd64.deb debae756ded17407a13f3dc814708033ae44175c913353eaee5f65f98ac579f0 1006 curl-udeb_7.38.0-3ubuntu2.2_amd64.udeb 67bddcd57a235ba45f3698115c5c2f77c4f36bb540a387b663eda589ccc53364 180246 libcurl3_7.38.0-3ubuntu2.2_amd64.deb e90e9767d9c21af7ef989eef9cd27b80b25916fb1fd901a66b814bb9a51c09e8 888 libcurl3-udeb_7.38.0-3ubuntu2.2_amd64.udeb ffc1eb7b26bd67856b278faf5277c1ff9a4187c3e1d5236d825cf13c3fd020f4 172134 libcurl3-gnutls_7.38.0-3ubuntu2.2_amd64.deb 32a50daac95a4bfb1e550dff770cff95a860bbcc0ce1e55054156ce453d82849 183948 libcurl3-nss_7.38.0-3ubuntu2.2_amd64.deb f907d373d1b93ca494bde29b5a6ca0f3a79a39c4025e5897c0a4515634c5f5de 252990 libcurl4-openssl-dev_7.38.0-3ubuntu2.2_amd64.deb 5634cc1a8259478698b5d6175081d71910d4d439cc8f25010bfe185650f7e57a 244418 libcurl4-gnutls-dev_7.38.0-3ubuntu2.2_amd64.deb 41198496237e3519373503ac4f59f9dceef9f431fe16f97890462e00557468d9 257072 libcurl4-nss-dev_7.38.0-3ubuntu2.2_amd64.deb 349ced3a29c53649a38425d1f8fecd54a625f710e528b092b3ebdd0e561f2a32 3093110 libcurl3-dbg_7.38.0-3ubuntu2.2_amd64.deb 6329e97d8478349ab318a9d4f7dececdb8b48af9511db252ff1287416723bdcc 997300 libcurl4-doc_7.38.0-3ubuntu2.2_all.deb Files: ad9e5155717b1e6d2bdebe21dd1f6768 129348 web optional curl_7.38.0-3ubuntu2.2_amd64.deb de3ca185d733945e5af2098b8eb55fdd 1006 debian-installer optional curl-udeb_7.38.0-3ubuntu2.2_amd64.udeb 9e3f33ba9a4d1c646ad6e44eb89b34cd 180246 libs optional libcurl3_7.38.0-3ubuntu2.2_amd64.deb 8eee12ecf58cb27bc6975d966ee454b4 888 debian-installer optional libcurl3-udeb_7.38.0-3ubuntu2.2_amd64.udeb 80ba3a038650f6d3595c6bb693601fa0 172134 libs optional libcurl3-gnutls_7.38.0-3ubuntu2.2_amd64.deb 0355d553578f11064502fb603139209c 183948 libs optional libcurl3-nss_7.38.0-3ubuntu2.2_amd64.deb f15fbc161a54821334d07d2e631728ec 252990 libdevel optional libcurl4-openssl-dev_7.38.0-3ubuntu2.2_amd64.deb 81e6762217b483e97425f1b2c42e4e41 244418 libdevel optional libcurl4-gnutls-dev_7.38.0-3ubuntu2.2_amd64.deb 82ea1f959333ea61e7e0884c5f280360 257072 libdevel optional libcurl4-nss-dev_7.38.0-3ubuntu2.2_amd64.deb 185117c33f6070e4a2904907c8430e52 3093110 debug extra libcurl3-dbg_7.38.0-3ubuntu2.2_amd64.deb c885905b2899668c54c7d334b4ffb64d 997300 doc optional libcurl4-doc_7.38.0-3ubuntu2.2_all.deb Original-Maintainer: Alessandro Ghedini Package-Type: udeb