[ubuntu/utopic-proposed] curl 7.36.0-2ubuntu1 (Accepted)

Michael Vogt michael.vogt at ubuntu.com
Wed Apr 30 11:46:14 UTC 2014 

curl (7.36.0-2ubuntu1) utopic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop stunnel4 and libssh2-1-dev.
      + Drop libssh2-1-dev from binary package Depends.
    - Add new libcurl3-udeb package.
    - Add new curl-udeb package.

curl (7.36.0-2) unstable; urgency=medium

  * Move Depends on -dev packages needed to use static libraries to Suggests
  * Switch to GnuTLS 3.x (Closes: #741568)
  * Disable RTMP support (librtmp-dev requires libgnutls-dev, which conflicts
    with libgnutls28-dev)

curl (7.36.0-1) unstable; urgency=high

  * New upstream release (Closes: #742728)
    - Fix connection re-use when using different log-in credentials
      as per CVE-2014-0138
      http://curl.haxx.se/docs/adv_20140326A.html
    - Reject IP address wildcard matches as per CVE-2014-0139
      http://curl.haxx.se/docs/adv_20140326B.html
    - Set urgency=high accordingly
  * Add 08_fix-imap-tests.patch to fix tests broken by the fix for CVE-2014-0138

Date: Wed, 30 Apr 2014 13:34:14 +0200
Changed-By: Michael Vogt <michael.vogt at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/utopic/+source/curl/7.36.0-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 30 Apr 2014 13:34:14 +0200
Source: curl
Binary: curl curl-udeb libcurl3 libcurl3-udeb libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source
Version: 7.36.0-2ubuntu1
Distribution: utopic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Michael Vogt <michael.vogt at ubuntu.com>
Description: 
 curl       - command line tool for transferring data with URL syntax
 curl-udeb  - Get a file from an HTTP, HTTPS or FTP server (udeb)
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl3-udeb - Multi-protocol file transfer library (OpenSSL) (udeb)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 741568 742728
Changes: 
 curl (7.36.0-2ubuntu1) utopic; urgency=low
 .
   * Merge from Debian unstable.  Remaining changes:
     - Drop dependencies not in main:
       + Build-Depends: Drop stunnel4 and libssh2-1-dev.
       + Drop libssh2-1-dev from binary package Depends.
     - Add new libcurl3-udeb package.
     - Add new curl-udeb package.
 .
 curl (7.36.0-2) unstable; urgency=medium
 .
   * Move Depends on -dev packages needed to use static libraries to Suggests
   * Switch to GnuTLS 3.x (Closes: #741568)
   * Disable RTMP support (librtmp-dev requires libgnutls-dev, which conflicts
     with libgnutls28-dev)
 .
 curl (7.36.0-1) unstable; urgency=high
 .
   * New upstream release (Closes: #742728)
     - Fix connection re-use when using different log-in credentials
       as per CVE-2014-0138
       http://curl.haxx.se/docs/adv_20140326A.html
     - Reject IP address wildcard matches as per CVE-2014-0139
       http://curl.haxx.se/docs/adv_20140326B.html
     - Set urgency=high accordingly
   * Add 08_fix-imap-tests.patch to fix tests broken by the fix for CVE-2014-0138
Checksums-Sha1: 
 8cc3b15f417ae9ea133c6998214c8752d312d211 2095 curl_7.36.0-2ubuntu1.dsc
 35e9fb187c7512ee0206aad8ffeb4cdbf3ed80b2 3564934 curl_7.36.0.orig.tar.gz
 bfa17e99ef6f95adf6f32ce179abd8ae8d4cb7f1 31849 curl_7.36.0-2ubuntu1.debian.tar.gz
Checksums-Sha256: 
 bb914d46f30625f1c95969d682eedb37f162d6517485463e263975c012ee20a4 2095 curl_7.36.0-2ubuntu1.dsc
 33015795d5650a2bfdd9a4a28ce4317cef944722a5cfca0d1563db8479840e90 3564934 curl_7.36.0.orig.tar.gz
 305a870a677b420fa0d155c392d48ede94fdf991f6507dd598d8bc9abd13e418 31849 curl_7.36.0-2ubuntu1.debian.tar.gz
Files: 
 75678cbccf26ac543589e29accac1f5a 2095 web optional curl_7.36.0-2ubuntu1.dsc
 643a7030b27449e76413d501d4b8eb57 3564934 web optional curl_7.36.0.orig.tar.gz
 357d9344911e68c0ca0335ca3fe58098 31849 web optional curl_7.36.0-2ubuntu1.debian.tar.gz
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlNg4SAACgkQliSD4VZixzSLEQCffaBj1nqWisFi+xzZLsOlyf15
Zd4An3e1ZRM8zvJbEv+fdmf4BfTeSGqK
=bjQ3
-----END PGP SIGNATURE-----

More information about the Utopic-changes mailing list