[ubuntu/impish-proposed] curl 7.74.0-1.2ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Jul 28 13:47:13 UTC 2021 

curl (7.74.0-1.2ubuntu4) impish; urgency=medium

  * SECURITY UPDATE: TELNET stack contents disclosure
    - debian/patches/CVE-2021-22898.patch: check sscanf() for correct
      number of matches in lib/telnet.c.
    - CVE-2021-22898
  * SECURITY UPDATE: Bad connection reuse due to flawed path name checks
    - debian/patches/CVE-2021-22924.patch: fix connection reuse checks for
      issuer cert and case sensitivity in lib/url.c, lib/urldata.h,
      lib/vtls/gtls.c, lib/vtls/nss.c, lib/vtls/openssl.c, lib/vtls/vtls.c.
    - CVE-2021-22924
  * SECURITY UPDATE: TELNET stack contents disclosure again
    - debian/patches/CVE-2021-22925.patch: fix option parser to not send
      uninitialized contents in lib/telnet.c.
    - CVE-2021-22925

Date: Wed, 28 Jul 2021 07:58:02 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.74.0-1.2ubuntu4
-------------- next part --------------
Format: 1.8
Date: Wed, 28 Jul 2021 07:58:02 -0400
Source: curl
Built-For-Profiles: noudeb
Architecture: source
Version: 7.74.0-1.2ubuntu4
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 curl (7.74.0-1.2ubuntu4) impish; urgency=medium
 .
   * SECURITY UPDATE: TELNET stack contents disclosure
     - debian/patches/CVE-2021-22898.patch: check sscanf() for correct
       number of matches in lib/telnet.c.
     - CVE-2021-22898
   * SECURITY UPDATE: Bad connection reuse due to flawed path name checks
     - debian/patches/CVE-2021-22924.patch: fix connection reuse checks for
       issuer cert and case sensitivity in lib/url.c, lib/urldata.h,
       lib/vtls/gtls.c, lib/vtls/nss.c, lib/vtls/openssl.c, lib/vtls/vtls.c.
     - CVE-2021-22924
   * SECURITY UPDATE: TELNET stack contents disclosure again
     - debian/patches/CVE-2021-22925.patch: fix option parser to not send
       uninitialized contents in lib/telnet.c.
     - CVE-2021-22925
Checksums-Sha1:
 6e29d2441f77832422dacb869bd2e4a1c3268129 2771 curl_7.74.0-1.2ubuntu4.dsc
 d26f322d10848d8cc42591551ce7b8a478d1d67f 41904 curl_7.74.0-1.2ubuntu4.debian.tar.xz
 5b5560582ab62404ddfe1f2003e89e7a86da16c9 9756 curl_7.74.0-1.2ubuntu4_source.buildinfo
Checksums-Sha256:
 7bb44a9ce846f38a0c297753197b3d6850ef2db18bb790dc5219e24c94fdb336 2771 curl_7.74.0-1.2ubuntu4.dsc
 e18318958141cda3a92fb737398650f29df5ee0619d12554819eed3f5e44bb77 41904 curl_7.74.0-1.2ubuntu4.debian.tar.xz
 8e2383901070e4f75030209d64ab76863a7f2acec283ad03017571650a2fa103 9756 curl_7.74.0-1.2ubuntu4_source.buildinfo
Files:
 31f63cdaa556d49b2302598831243da3 2771 web optional curl_7.74.0-1.2ubuntu4.dsc
 5a3a21159eaca91fdca7012c6b698805 41904 web optional curl_7.74.0-1.2ubuntu4.debian.tar.xz
 d52c960ddc1b742ee7dc4525a27a1c69 9756 web optional curl_7.74.0-1.2ubuntu4_source.buildinfo
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>

More information about the impish-changes mailing list