[ubuntu/zesty-proposed] curl 7.51.0-1ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Nov 16 19:32:12 UTC 2016
curl (7.51.0-1ubuntu1) zesty; urgency=medium

  * Merge from Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

curl (7.51.0-1) unstable; urgency=medium

  * New upstream release
    - Fix cookie injection for other servers as per CVE-2016-8615
      https://curl.haxx.se/docs/adv_20161102A.html
    - Fix case insensitive password comparison as per CVE-2016-8616
      https://curl.haxx.se/docs/adv_20161102B.html
    - Fix OOB write via unchecked multiplication as per CVE-2016-8617
      https://curl.haxx.se/docs/adv_20161102C.html
    - Fix double-free in curl_maprintf as per CVE-2016-8618
      https://curl.haxx.se/docs/adv_20161102D.html
    - Fix double-free in krb5 code as per CVE-2016-8619
      https://curl.haxx.se/docs/adv_20161102E.html
    - Fix glob parser write/read out of bounds as per CVE-2016-8620
      https://curl.haxx.se/docs/adv_20161102F.html
    - Fix curl_getdate read out of bounds as per CVE-2016-8621
      https://curl.haxx.se/docs/adv_20161102G.html
    - Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622
      https://curl.haxx.se/docs/adv_20161102H.html
    - Fix use-after-free via shared cookies as per CVE-2016-8623
      https://curl.haxx.se/docs/adv_20161102I.html
    - Fix invalid URL parsing with '#' as per CVE-2016-8624
      https://curl.haxx.se/docs/adv_20161102J.html
    - Fix IDNA 2003 makes curl use wrong host
      https://curl.haxx.se/docs/adv_20161102K.html
    - Fix escape and unescape integer overflows as
      per CVE-2016-7167 (Closes: #837945)
      https://curl.haxx.se/docs/adv_20160914.html
    - Fix incorrect reuse of client certificates (NSS backend)
      as per CVE-2016-7141 (Closes: #836918)
      https://curl.haxx.se/docs/adv_20160907.html
  * Drop 02_art_http_scripting.patch (file not shipped anymore)
  * Refresh patches
  * Temporarily disable IDN support
  * Don't install pdf and html docs (they are not shipped in the tarball anymore)
  * Install markdown docs

curl (7.50.1-2) unstable; urgency=medium

  * Disable more network tests (Closes: #830273)

Date: Wed, 16 Nov 2016 12:59:10 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/7.51.0-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 16 Nov 2016 12:59:10 -0500
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source
Version: 7.51.0-1ubuntu1
Distribution: zesty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
curl - command line tool for transferring data with URL syntax
libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl4-doc - documentation for libcurl
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 830273 836918 837945
Checksums-Sha1:
c73941e5432c95b81ca22715d4e02d6b93175f4f 2775 curl_7.51.0-1ubuntu1.dsc
d967f37db1a2b49eb3ccc682b97c46e948dfd19a 3441753 curl_7.51.0.orig.tar.gz
bb3d6b72f5e062aff51608dbedae406964ac14a3 30180 curl_7.51.0-1ubuntu1.debian.tar.xz
Checksums-Sha256:
d6fbcff05e94e30944fa359ed9c4349b6d55257004680acda61f791357155388 2775 curl_7.51.0-1ubuntu1.dsc
65b5216a6fbfa72f547eb7706ca5902d7400db9868269017a8888aa91d87977c 3441753 curl_7.51.0.orig.tar.gz
284cf62266b22abc4e262e095182188c84f730d94264ae3e7e51444a4a392f71 30180 curl_7.51.0-1ubuntu1.debian.tar.xz
Files:
b84f10b69f57dc533c9cc2dbbace8b36 2775 web optional curl_7.51.0-1ubuntu1.dsc
490e19a8ccd1f4a244b50338a0eb9456 3441753 web optional curl_7.51.0.orig.tar.gz
9f06e17b31b251305c5d613798b070a0 30180 web optional curl_7.51.0-1ubuntu1.debian.tar.xz
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----