[ubuntu/questing-security] curl 8.14.1-2ubuntu1.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Mar 11 11:48:21 UTC 2026
curl (8.14.1-2ubuntu1.2) questing-security; urgency=medium
* SECURITY UPDATE: bad reuse of HTTP Negotiate connection
- debian/patches/CVE-2026-1965-1.patch: fix reuse of connections using
HTTP Negotiate in lib/url.c.
- debian/patches/CVE-2026-1965-2.patch: fix copy and paste
url_match_auth_nego mistake in lib/url.c.
- CVE-2026-1965
* SECURITY UPDATE: token leak with redirect and netrc
- debian/patches/CVE-2026-3783.patch: only send bearer if auth is
allowed in lib/http.c, tests/data/Makefile.am, tests/data/test2006.
- CVE-2026-3783
* SECURITY UPDATE: wrong proxy connection reuse with credentials
- debian/patches/CVE-2026-3784.patch: add additional tests in
lib/url.c, tests/http/test_13_proxy_auth.py,
tests/http/testenv/curl.py.
- CVE-2026-3784
* SECURITY UPDATE: use after free in SMB connection reuse
- debian/patches/CVE-2026-3805.patch: free the path in the request
struct properly in lib/smb.c.
- CVE-2026-3805
Date: 2026-03-10 18:48:10.400129+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/curl/8.14.1-2ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list