[ubuntu/focal-proposed] curl 7.66.0-1ubuntu1 (Accepted)
Steve Langasek
steve.langasek at ubuntu.com
Wed Nov 13 01:11:12 UTC 2019
curl (7.66.0-1ubuntu1) focal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/control, debian/rules: build with libssh instead of libssh2.
  * Dropped changes, included upstream:
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c

curl (7.66.0-1) unstable; urgency=medium

  * New upstream release (Closes: #940024)
    + Fix FTP-KRB double-free as per CVE-2019-5481 (Closes: #940009)
      https://curl.haxx.se/docs/CVE-2019-5481.html
    + Fix TFTP small blocksize heap buffer overflow as per CVE-2019-5482
      (Closes: #940010)
      https://curl.haxx.se/docs/CVE-2019-5482.html
  * Refresh patches
  * Enable brotli support (Closes: #940129)
  * Update *.symbols files

Date: Tue, 12 Nov 2019 17:05:51 -0800
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.66.0-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 12 Nov 2019 17:05:51 -0800
Source: curl
Architecture: source
Version: 7.66.0-1ubuntu1
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Closes: 940009 940010 940024 940129
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>