curl 7.22.0-3ubuntu4.17 source package in Ubuntu
Changelog
curl (7.22.0-3ubuntu4.17) precise-security; urgency=medium
* SECURITY UPDATE: Incorrect reuse of client certificates with NSS
- debian/patches/CVE-2016-7141.patch: refuse previously loaded
certificate from file in lib/nss.c.
- CVE-2016-7141
* SECURITY UPDATE: curl escape and unescape integer overflows
- debian/patches/CVE-2016-7167.patch: deny negative string length
inputs in lib/escape.c.
- CVE-2016-7167
* SECURITY UPDATE: cookie injection for other servers
- debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
lib/cookie.c.
- CVE-2016-8615
* SECURITY UPDATE: case insensitive password comparison
- debian/patches/CVE-2016-8616.patch: use case sensitive user/password
comparisons in lib/url.c.
- CVE-2016-8616
* SECURITY UPDATE: OOB write via unchecked multiplication
- debian/patches/CVE-2016-8617.patch: check for integer overflow on
large input in lib/base64.c.
- CVE-2016-8617
* SECURITY UPDATE: double-free in curl_maprintf
- debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
allocation in lib/mprintf.c.
- CVE-2016-8618
* SECURITY UPDATE: double-free in krb5 code
- debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
- CVE-2016-8619
* SECURITY UPDATE: curl_getdate read out of bounds
- debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
lib/parsedate.c, added tests to tests/data/test517,
tests/libtest/lib517.c.
- CVE-2016-8621
* SECURITY UPDATE: URL unescape heap overflow via integer truncation
- debian/patches/CVE-2016-8622.patch: avoid integer overflow in
lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
- CVE-2016-8622
* SECURITY UPDATE: Use-after-free via shared cookies
- debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
in lib/cookie.c, lib/cookie.h, lib/http.c.
- CVE-2016-8623
* SECURITY UPDATE: invalid URL parsing with #
- debian/patches/CVE-2016-8624.patch: accept # as end of host name in
lib/url.c.
- CVE-2016-8624
-- Marc Deslauriers <email address hidden> Thu, 03 Nov 2016 08:03:52 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Precise
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| curl_7.22.0.orig.tar.gz | 2.8 MiB | 8fa54fdb229b5a014f454e67502fcca2516121f4d078e0be19103998a736279c |
| curl_7.22.0-3ubuntu4.17.debian.tar.gz | 59.6 KiB | ff52195fc04f65931a8b43c5dc4f426bf7c2da84b6a44a61a2eb480c31f3ab5c |
| curl_7.22.0-3ubuntu4.17.dsc | 2.7 KiB | a6fcff1bdd2d61f1a9df1e7fcaef22db42b2535ee1a2a734f961522ab6a9460c |
Available diffs
Binary packages built by this source
- curl: Get a file from an HTTP, HTTPS or FTP server
curl is a client to get files from servers using any of the supported
protocols. The command is designed to work without user interaction
or any kind of interactivity.
.
curl offers a busload of useful tricks like proxy support, user
authentication, FTP upload, HTTP post, file transfer resume and more.
- curl-udeb: Get a file from an HTTP, HTTPS or FTP server
curl is a client to get files from servers using any of the supported
protocols. The command is designed to work without user interaction
or any kind of interactivity.
.
curl offers a busload of useful tricks like proxy support, user
authentication, FTP upload, HTTP post, file transfer resume and more.
.
This package contains the curl binary for the Debian Installer (udeb)
- libcurl3: Multi-protocol file transfer library (OpenSSL)
libcurl is designed to be a solid, usable, reliable and portable
multi-protocol file transfer library.
.
SSL support is provided by OpenSSL.
.
This is the shared version of libcurl.
- libcurl3-dbg: libcurl compiled with debug symbols
This contains the debug symbols of both the OpenSSL, GnuTLS and NSS versions
of libcurl3. It might be useful in debug sessions of software which uses
libcurl.
- libcurl3-gnutls: Multi-protocol file transfer library (GnuTLS)
libcurl is designed to be a solid, usable, reliable and portable
multi-protocol file transfer library.
.
SSL support is provided by GnuTLS.
.
This is the shared version of libcurl.
- libcurl3-nss: Multi-protocol file transfer library (NSS)
libcurl is designed to be a solid, usable, reliable and portable
multi-protocol file transfer library.
.
SSL support is provided by NSS.
.
This is the shared version of libcurl.
- libcurl3-udeb: Multi-protocol file transfer library (OpenSSL)
libcurl is designed to be a solid, usable, reliable and portable
multi-protocol file transfer library.
.
SSL support is provided by OpenSSL.
.
This package contains the minimal runtime libraries for the Debian Installer
(udeb).
- libcurl4-gnutls-dev: Development files and documentation for libcurl (GnuTLS)
These files (ie. includes, static library, manual pages) allow to
build software which uses libcurl.
.
SSL support is provided by GnuTLS.
.
HTML and PDF versions of all the manual pages are also provided.
- libcurl4-nss-dev: Development files and documentation for libcurl (NSS)
These files (ie. includes, static library, manual pages) allow to
build software which uses libcurl.
.
SSL support is provided by NSS.
.
HTML and PDF versions of all the manual pages are also provided.
- libcurl4-openssl-dev: Development files and documentation for libcurl (OpenSSL)
These files (ie. includes, static library, manual pages) allow to
build software which uses libcurl.
.
SSL support is provided by OpenSSL.
.
HTML and PDF versions of all the manual pages are also provided.
