curl 7.74.0-1.3ubuntu2 source package in Ubuntu
Changelog
curl (7.74.0-1.3ubuntu2) impish; urgency=medium
* SECURITY UPDATE: UAF and double-free in MQTT sending
- debian/patches/CVE-2021-22945.patch: clear the leftovers pointer when
sending succeeds in lib/mqtt.c.
- CVE-2021-22945
* SECURITY UPDATE: Protocol downgrade required TLS bypassed
- debian/patches/CVE-2021-22946.patch: do not ignore --ssl-reqd in
lib/ftp.c, lib/imap.c, lib/pop3.c, tests/data/Makefile.inc,
tests/data/test984, tests/data/test985, tests/data/test986.
- CVE-2021-22946
* SECURITY UPDATE: STARTTLS protocol injection via MITM
- debian/patches/CVE-2021-22947.patch: reject STARTTLS server response
pipelining in lib/ftp.c, lib/imap.c, lib/pop3.c, lib/smtp.c,
tests/data/Makefile.inc, tests/data/test980, tests/data/test981,
tests/data/test982, tests/data/test983.
- CVE-2021-22947
-- Marc Deslauriers <email address hidden> Wed, 15 Sep 2021 08:05:33 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Impish
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| curl_7.74.0.orig.tar.gz | 3.9 MiB | e56b3921eeb7a2951959c02db0912b5fcd5fdba5aca071da819e1accf338bbd7 |
| curl_7.74.0-1.3ubuntu2.debian.tar.xz | 44.7 KiB | 7ddcfca3ccf3a34ad20bde4dd29d0d247d868034d3bff5e96f227e5f2422db47 |
| curl_7.74.0-1.3ubuntu2.dsc | 2.7 KiB | d71740ba7009b091c44154c2c536190f3019cf2e20c53b299252b9c6360061d9 |
Available diffs
Binary packages built by this source
- curl: No summary available for curl in ubuntu impish.
No description available for curl in ubuntu impish.
- curl-dbgsym: No summary available for curl-dbgsym in ubuntu impish.
No description available for curl-dbgsym in ubuntu impish.
- libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu impish.
No description available for libcurl3-gnutls in ubuntu impish.
- libcurl3-gnutls-dbgsym: debug symbols for libcurl3-gnutls
- libcurl3-nss: No summary available for libcurl3-nss in ubuntu impish.
No description available for libcurl3-nss in ubuntu impish.
- libcurl3-nss-dbgsym: debug symbols for libcurl3-nss
- libcurl4: No summary available for libcurl4 in ubuntu impish.
No description available for libcurl4 in ubuntu impish.
- libcurl4-dbgsym: debug symbols for libcurl4
- libcurl4-doc: No summary available for libcurl4-doc in ubuntu impish.
No description available for libcurl4-doc in ubuntu impish.
- libcurl4-gnutls-dev: development files and documentation for libcurl (GnuTLS flavour)
libcurl is an easy-to-use client-side URL transfer library, supporting DICT,
FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S,
RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP.
.
libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP
form based upload, proxies, cookies, user+password authentication (Basic,
Digest, NTLM, Negotiate, Kerberos), file transfer resume, http proxy tunneling
and more!
.
libcurl is free, thread-safe, IPv6 compatible, feature rich, well supported,
fast, thoroughly documented and is already used by many known, big and
successful companies and numerous applications.
.
This package provides the development files (ie. includes, static library,
manual pages) that allow one to build software which uses libcurl.
.
SSL support is provided by GnuTLS.
- libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu impish.
No description available for libcurl4-nss-dev in ubuntu impish.
- libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu impish.
No description available for libcurl4-
openssl- dev in ubuntu impish.
