curl 7.50.1-1ubuntu1.1 source package in Ubuntu
Changelog
curl (7.50.1-1ubuntu1.1) yakkety-security; urgency=medium * SECURITY UPDATE: Incorrect reuse of client certificates with NSS - debian/patches/CVE-2016-7141.patch: refuse previously loaded certificate from file in lib/vtls/nss.c. - CVE-2016-7141 * SECURITY UPDATE: curl escape and unescape integer overflows - debian/patches/CVE-2016-7167.patch: deny negative string length inputs in lib/escape.c. - CVE-2016-7167 * SECURITY UPDATE: cookie injection for other servers - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in lib/cookie.c. - CVE-2016-8615 * SECURITY UPDATE: case insensitive password comparison - debian/patches/CVE-2016-8616.patch: use case sensitive user/password comparisons in lib/url.c. - CVE-2016-8616 * SECURITY UPDATE: OOB write via unchecked multiplication - debian/patches/CVE-2016-8617.patch: check for integer overflow on large input in lib/base64.c. - CVE-2016-8617 * SECURITY UPDATE: double-free in curl_maprintf - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing allocation in lib/mprintf.c. - CVE-2016-8618 * SECURITY UPDATE: double-free in krb5 code - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c. - CVE-2016-8619 * SECURITY UPDATE: glob parser write/read out of bounds - debian/patches/CVE-2016-8620.patch: stay within bounds in src/tool_urlglob.c. - CVE-2016-8620 * SECURITY UPDATE: curl_getdate read out of bounds - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in lib/parsedate.c, added tests to tests/data/test517, tests/libtest/lib517.c. - CVE-2016-8621 * SECURITY UPDATE: URL unescape heap overflow via integer truncation - debian/patches/CVE-2016-8622.patch: avoid integer overflow in lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3. - CVE-2016-8622 * SECURITY UPDATE: Use-after-free via shared cookies - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies in lib/cookie.c, lib/cookie.h, lib/http.c. - CVE-2016-8623 * SECURITY UPDATE: invalid URL parsing with # - debian/patches/CVE-2016-8624.patch: accept # as end of host name in lib/url.c. - CVE-2016-8624 -- Marc Deslauriers <email address hidden> Wed, 02 Nov 2016 13:45:25 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Yakkety
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
curl_7.50.1.orig.tar.gz | 8.5 MiB | 3e392cf600822b817be82d9080b377fcbab70538d5a8bf525a1cd66e157b99ea |
curl_7.50.1-1ubuntu1.1.debian.tar.xz | 37.6 KiB | 41ba4601b821ae9c38816a54086a60ec9925b7792b857f841c1b4e97dbccec9f |
curl_7.50.1-1ubuntu1.1.dsc | 2.7 KiB | 886fbbfb9aae0997de5c49c66f739fd4cf22adbdb716b4e36a1e94c908661422 |
Available diffs
Binary packages built by this source
- curl: No summary available for curl in ubuntu yakkety.
No description available for curl in ubuntu yakkety.
- curl-dbgsym: No summary available for curl-dbgsym in ubuntu yakkety.
No description available for curl-dbgsym in ubuntu yakkety.
- libcurl3: No summary available for libcurl3 in ubuntu yakkety.
No description available for libcurl3 in ubuntu yakkety.
- libcurl3-dbg: No summary available for libcurl3-dbg in ubuntu yakkety.
No description available for libcurl3-dbg in ubuntu yakkety.
- libcurl3-dbgsym: No summary available for libcurl3-dbgsym in ubuntu yakkety.
No description available for libcurl3-dbgsym in ubuntu yakkety.
- libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu yakkety.
No description available for libcurl3-gnutls in ubuntu yakkety.
- libcurl3-gnutls-dbgsym: No summary available for libcurl3-gnutls-dbgsym in ubuntu yakkety.
No description available for libcurl3-
gnutls- dbgsym in ubuntu yakkety.
- libcurl3-nss: No summary available for libcurl3-nss in ubuntu yakkety.
No description available for libcurl3-nss in ubuntu yakkety.
- libcurl3-nss-dbgsym: No summary available for libcurl3-nss-dbgsym in ubuntu yakkety.
No description available for libcurl3-nss-dbgsym in ubuntu yakkety.
- libcurl4-doc: No summary available for libcurl4-doc in ubuntu yakkety.
No description available for libcurl4-doc in ubuntu yakkety.
- libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu yakkety.
No description available for libcurl4-gnutls-dev in ubuntu yakkety.
- libcurl4-gnutls-dev-dbgsym: No summary available for libcurl4-gnutls-dev-dbgsym in ubuntu yakkety.
No description available for libcurl4-
gnutls- dev-dbgsym in ubuntu yakkety.
- libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu yakkety.
No description available for libcurl4-nss-dev in ubuntu yakkety.
- libcurl4-nss-dev-dbgsym: No summary available for libcurl4-nss-dev-dbgsym in ubuntu yakkety.
No description available for libcurl4-
nss-dev- dbgsym in ubuntu yakkety.
- libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu yakkety.
No description available for libcurl4-
openssl- dev in ubuntu yakkety.
- libcurl4-openssl-dev-dbgsym: No summary available for libcurl4-openssl-dev-dbgsym in ubuntu yakkety.
No description available for libcurl4-
openssl- dev-dbgsym in ubuntu yakkety.