curl 7.74.0-1ubuntu2.3 source package in Ubuntu
Changelog
curl (7.74.0-1ubuntu2.3) hirsute-security; urgency=medium
* SECURITY UPDATE: UAF and double-free in MQTT sending
- debian/patches/CVE-2021-22945.patch: clear the leftovers pointer when
sending succeeds in lib/mqtt.c.
- CVE-2021-22945
* SECURITY UPDATE: Protocol downgrade required TLS bypassed
- debian/patches/CVE-2021-22946.patch: do not ignore --ssl-reqd in
lib/ftp.c, lib/imap.c, lib/pop3.c, tests/data/Makefile.inc,
tests/data/test984, tests/data/test985, tests/data/test986.
- CVE-2021-22946
* SECURITY UPDATE: STARTTLS protocol injection via MITM
- debian/patches/CVE-2021-22947.patch: reject STARTTLS server response
pipelining in lib/ftp.c, lib/imap.c, lib/pop3.c, lib/smtp.c,
tests/data/Makefile.inc, tests/data/test980, tests/data/test981,
tests/data/test982, tests/data/test983.
- CVE-2021-22947
-- Marc Deslauriers <email address hidden> Tue, 07 Sep 2021 12:02:51 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Hirsute
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| curl_7.74.0.orig.tar.gz | 3.9 MiB | e56b3921eeb7a2951959c02db0912b5fcd5fdba5aca071da819e1accf338bbd7 |
| curl_7.74.0-1ubuntu2.3.debian.tar.xz | 41.9 KiB | da223fd5c63c96a7f1797eb923feaca74774ae66db571d9c8ce97d2ce38f3414 |
| curl_7.74.0-1ubuntu2.3.dsc | 2.7 KiB | 95df8520051e3c0aa43bf6116b152abc5f7e55c66328bec9a288a54b3fb59547 |
Available diffs
Binary packages built by this source
- curl: No summary available for curl in ubuntu hirsute.
No description available for curl in ubuntu hirsute.
- curl-dbgsym: No summary available for curl-dbgsym in ubuntu hirsute.
No description available for curl-dbgsym in ubuntu hirsute.
- libcurl3-gnutls: No summary available for libcurl3-gnutls in ubuntu hirsute.
No description available for libcurl3-gnutls in ubuntu hirsute.
- libcurl3-gnutls-dbgsym: No summary available for libcurl3-gnutls-dbgsym in ubuntu hirsute.
No description available for libcurl3-
gnutls- dbgsym in ubuntu hirsute.
- libcurl3-nss: No summary available for libcurl3-nss in ubuntu hirsute.
No description available for libcurl3-nss in ubuntu hirsute.
- libcurl3-nss-dbgsym: No summary available for libcurl3-nss-dbgsym in ubuntu hirsute.
No description available for libcurl3-nss-dbgsym in ubuntu hirsute.
- libcurl4: No summary available for libcurl4 in ubuntu hirsute.
No description available for libcurl4 in ubuntu hirsute.
- libcurl4-dbgsym: No summary available for libcurl4-dbgsym in ubuntu hirsute.
No description available for libcurl4-dbgsym in ubuntu hirsute.
- libcurl4-doc: No summary available for libcurl4-doc in ubuntu hirsute.
No description available for libcurl4-doc in ubuntu hirsute.
- libcurl4-gnutls-dev: No summary available for libcurl4-gnutls-dev in ubuntu hirsute.
No description available for libcurl4-gnutls-dev in ubuntu hirsute.
- libcurl4-nss-dev: No summary available for libcurl4-nss-dev in ubuntu hirsute.
No description available for libcurl4-nss-dev in ubuntu hirsute.
- libcurl4-openssl-dev: No summary available for libcurl4-openssl-dev in ubuntu hirsute.
No description available for libcurl4-
openssl- dev in ubuntu hirsute.
