Format: 1.8 Date: Wed, 29 Apr 2015 10:23:26 -0400 Source: curl Binary: curl curl-udeb libcurl3 libcurl3-udeb libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: armhf Version: 7.37.1-1ubuntu3.4 Distribution: utopic Urgency: medium Maintainer: Ubuntu/armhf Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax curl-udeb - Get a file from an HTTP, HTTPS or FTP server (udeb) libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl3-udeb - Multi-protocol file transfer library (OpenSSL) (udeb) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.37.1-1ubuntu3.4) utopic-security; urgency=medium . * SECURITY UPDATE: NTLM connection reuse when unauthenticated - debian/patches/CVE-2015-3143.patch: require credentials to match in lib/url.c. - CVE-2015-3143 * SECURITY UPDATE: host name out of boundary memory access - debian/patches/CVE-2015-3144.patch: check for valid length in lib/url.c. - CVE-2015-3144 * SECURITY UPDATE: cookie parser out of boundary memory access - debian/patches/CVE-2015-3145.patch: properly handle a single double quote in lib/cookie.c. - CVE-2015-3145 * SECURITY UPDATE: negotiate not treated as connection-oriented - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between each exchange and close Negotiate connections when done in lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c. - CVE-2015-3148 * SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c, tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c. - CVE-2015-3153 Checksums-Sha1: 5f512666b0fe950cbc86ca088c0e5d761eceb2b7 121354 curl_7.37.1-1ubuntu3.4_armhf.deb e161ee5327f0a05b82e5dff5310d7c56353f7161 1000 curl-udeb_7.37.1-1ubuntu3.4_armhf.udeb f6325b97b7395921491101075fa6245344ef0f26 156552 libcurl3_7.37.1-1ubuntu3.4_armhf.deb bda048a2f79924a4f2d2665c528593ec30e9a8e9 886 libcurl3-udeb_7.37.1-1ubuntu3.4_armhf.udeb 6ad07697068f5684c257e82ca28b870c23ef8c85 149982 libcurl3-gnutls_7.37.1-1ubuntu3.4_armhf.deb f3f6d44d1f1069e4f8d26cedb2dfd556ac3bbcac 159510 libcurl3-nss_7.37.1-1ubuntu3.4_armhf.deb 55d5461da2333858340fa4dfce6247d9d62b5008 223854 libcurl4-openssl-dev_7.37.1-1ubuntu3.4_armhf.deb dbce2d865aa8236ac2a6bd9cfd6346fa46aa6cb5 216232 libcurl4-gnutls-dev_7.37.1-1ubuntu3.4_armhf.deb 8127a9227b430619bc81d68dafbc626076847739 227108 libcurl4-nss-dev_7.37.1-1ubuntu3.4_armhf.deb a68abaf7563808d1ce379ed68d5ba183418b9a75 3220072 libcurl3-dbg_7.37.1-1ubuntu3.4_armhf.deb Checksums-Sha256: 85daf8da9962d46edf3b2971a314d00056d61d384fdb360dd2cbfb250fade7ea 121354 curl_7.37.1-1ubuntu3.4_armhf.deb 77a703766aaba549a13438b94b1e06a670bece3bec55c02b777f499147839fa2 1000 curl-udeb_7.37.1-1ubuntu3.4_armhf.udeb 5a6997ca710f23e5b77655177ab749bcd0eec53ac2d4bc232a921642353b3f37 156552 libcurl3_7.37.1-1ubuntu3.4_armhf.deb f8d23e1a0a50388f98583c08426f0544995db976e522983dd7a16f57b5ce7cb3 886 libcurl3-udeb_7.37.1-1ubuntu3.4_armhf.udeb 227679a801b7467d13f46204923af82dd755307c90c93c682c93ea1ff719810d 149982 libcurl3-gnutls_7.37.1-1ubuntu3.4_armhf.deb f4a7f9c86488b70d15eec661083be86288399ab005f44d7890ba2dfa27640c58 159510 libcurl3-nss_7.37.1-1ubuntu3.4_armhf.deb 63c229bc21e54deda9196e1c85305e2c866f0cdf1b8472a4e9b7ec045fb58c34 223854 libcurl4-openssl-dev_7.37.1-1ubuntu3.4_armhf.deb 59819be3a7454bbef1969d36e03cd231af587dfa50d5ccb95a03dd460d55ff3e 216232 libcurl4-gnutls-dev_7.37.1-1ubuntu3.4_armhf.deb 43fadf4d5d1694f43926e951b7d1d845423275887f3e48072ff9724c8a195b06 227108 libcurl4-nss-dev_7.37.1-1ubuntu3.4_armhf.deb 24cbab76899bd90eb5a666afaff45b09a2c909f8c35fa57dfc6867eed54e3467 3220072 libcurl3-dbg_7.37.1-1ubuntu3.4_armhf.deb Files: c1ba18a1fe1e616e2547686dc7ee8d57 121354 web optional curl_7.37.1-1ubuntu3.4_armhf.deb 804e3979115958357892007efc1682b3 1000 debian-installer optional curl-udeb_7.37.1-1ubuntu3.4_armhf.udeb 4cc95d213dd4cbf00a54dfe9e622c593 156552 libs optional libcurl3_7.37.1-1ubuntu3.4_armhf.deb 7d4ab1361fdcfe90e9871a176916ed64 886 debian-installer optional libcurl3-udeb_7.37.1-1ubuntu3.4_armhf.udeb cddfb6050a61b34f5378ef5710031c19 149982 libs optional libcurl3-gnutls_7.37.1-1ubuntu3.4_armhf.deb 1ec6bb9792c45338aac135d3bdd70e89 159510 libs optional libcurl3-nss_7.37.1-1ubuntu3.4_armhf.deb 5e582553741c3b4f8b12c4c45928fa83 223854 libdevel optional libcurl4-openssl-dev_7.37.1-1ubuntu3.4_armhf.deb 62ebb3eee5b26ba3d11d8d817aeec61d 216232 libdevel optional libcurl4-gnutls-dev_7.37.1-1ubuntu3.4_armhf.deb b32a230902e7897fa3c443ace58318da 227108 libdevel optional libcurl4-nss-dev_7.37.1-1ubuntu3.4_armhf.deb 2e654f7ff8da8e33e6e01d2ebcae4156 3220072 debug extra libcurl3-dbg_7.37.1-1ubuntu3.4_armhf.deb Original-Maintainer: Alessandro Ghedini Package-Type: udeb