[ubuntu/cosmic-proposed] curl 7.58.0-2ubuntu4 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed May 16 17:36:20 UTC 2018
curl (7.58.0-2ubuntu4) cosmic; urgency=medium
* SECURITY UPDATE: FTP shutdown response buffer overflow
- debian/patches/CVE-2018-1000300.patch: check data size in
lib/pingpong.c.
- CVE-2018-1000303
* SECURITY UPDATE: RTSP bad headers buffer over-read
- debian/patches/CVE-2018-1000301.patch: restore buffer pointer when
bad response-line is parsed in lib/http.c.
- CVE-2018-1000301
Date: Wed, 16 May 2018 11:54:05 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 16 May 2018 11:54:05 -0400
Source: curl
Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc
Architecture: source
Version: 7.58.0-2ubuntu4
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
curl - command line tool for transferring data with URL syntax
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl4-doc - documentation for libcurl
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
curl (7.58.0-2ubuntu4) cosmic; urgency=medium
.
* SECURITY UPDATE: FTP shutdown response buffer overflow
- debian/patches/CVE-2018-1000300.patch: check data size in
lib/pingpong.c.
- CVE-2018-1000303
* SECURITY UPDATE: RTSP bad headers buffer over-read
- debian/patches/CVE-2018-1000301.patch: restore buffer pointer when
bad response-line is parsed in lib/http.c.
- CVE-2018-1000301
Checksums-Sha1:
f05041d8cd9901247141640820bcc22df017fd6d 2769 curl_7.58.0-2ubuntu4.dsc
1430e618543cba50f3d91c278586b8ac09e37aee 35240 curl_7.58.0-2ubuntu4.debian.tar.xz
34d67f438b2e23f6b6fefda334891d74f590585b 8960 curl_7.58.0-2ubuntu4_source.buildinfo
Checksums-Sha256:
0e3092f848e97b29e3b3025a4060c12a7fe3ad6f035fa1684f8160151f7e7433 2769 curl_7.58.0-2ubuntu4.dsc
03d5d61395810d4e3c5b33aebb505bb2403ba2e08981bb9140fbe9927a970645 35240 curl_7.58.0-2ubuntu4.debian.tar.xz
0c83ceff1e33be944b439e4d5210d77765f618f0c8e1011bb5f0d8758023c778 8960 curl_7.58.0-2ubuntu4_source.buildinfo
Files:
04d8e706146bb45c9b02dcf6da8c34a1 2769 web optional curl_7.58.0-2ubuntu4.dsc
d49047f7eaae95a9b9b4232f9880a31c 35240 web optional curl_7.58.0-2ubuntu4.debian.tar.xz
f82282cdf392692c3832c1c3cb3a5b92 8960 web optional curl_7.58.0-2ubuntu4_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlr8az4ACgkQZWnYVadE
vpNtnxAAh/0JZ02x5t57wf9dfcrls0peq4vkYBaH9UULd0UQhIQ13SPUfCOxMYcE
2PsGa/vISb2x89aBx4rHq//J944d16N21xB6aom3RPfZrTr6TA9QmImQgleCucRI
dpECE3On2amc8dlFmyRk93yicxX9A5CJWEJfO5LMHM0x6CvedGgSJXyQkFzPXN7C
4Ew4BcN+s2XqeixhLbHMqLZIZzMX/9xRIrR78b2zBE682TVIPhipXqsaYYW5rCia
91PHqsY4r7B6QbfZVOxRX0nn5y7BjtpooDlesFsSKZbH3Z8FfXHgHHfIgouwICSH
YmTpYR8EgYuWXN0T1+vX97wZ5neP17/s/nrmDzXUYRPDZis7gCVRo9aCuyBoBiIV
HlFQ4XNN86K+2Ywn4AIqlDnBXa4viO92+3J44VnpUpqxzOo+s0t68j0mc5PKM5/u
5ei/JZJrAC4AU50iKTUMNQ+eTfMEb2xXrGs9id+zuzxJpTudC6g6uQsXbQdkrkzF
CLlxSRoCaoj+75+FWdgZdwNntxizx5jyIPpyVLbIQleAEIbLG5j29X9Q/6dXcdfI
veMKfFpUtk8Fod6/bk2T09DJixFMRWh2A0McnRQjiLtVo0SoU/a6D8vDtSiYEfmq
KK+xf+MEhYY2x8Q0jLBQAYTe/KqjY70yKs4cHN72oly6sUTiotM=
=jT9P
-----END PGP SIGNATURE-----
More information about the Cosmic-changes
mailing list