[ubuntu/utopic-proposed] curl 7.37.1-1ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Sep 11 13:34:15 UTC 2014
curl (7.37.1-1ubuntu2) utopic; urgency=medium

  * SECURITY UPDATE: incorrect cookie handling via partial literal IP
    addresses
    - debian/patches/CVE-2014-3613.patch: only use full host matches for
      hosts used as IP address in lib/cookie.c, added tests to
      tests/data/test1105, tests/data/test31, tests/data/test8.
    - CVE-2014-3613
  * SECURITY UPDATE: incorrect cookie handling for TLDs
    - debian/patches/CVE-2014-3620.patch: reject incoming cookies set for
      TLDs in lib/cookie.c, added test to tests/data/test61.
    - CVE-2014-3620

Date: Thu, 11 Sep 2014 08:15:47 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/utopic/+source/curl/7.37.1-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Thu, 11 Sep 2014 08:15:47 -0400
Source: curl
Binary: curl curl-udeb libcurl3 libcurl3-udeb libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source
Version: 7.37.1-1ubuntu2
Distribution: utopic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
curl - command line tool for transferring data with URL syntax
curl-udeb - Get a file from an HTTP, HTTPS or FTP server (udeb)
libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl3-udeb - Multi-protocol file transfer library (OpenSSL) (udeb)
libcurl4-doc - documentation for libcurl
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>