View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
importer/debian/dsc 2018-11-10 17:13:39 UTC 2018-11-10
DSC file for 7.52.1-5+deb9u8

Author: Ubuntu Git Importer
Author Date: 2018-11-10 17:13:39 UTC

DSC file for 7.52.1-5+deb9u8

applied/debian/stretch 2018-11-10 16:56:13 UTC 2018-11-10
Import patches-applied version 7.52.1-5+deb9u8 to applied/debian/stretch

Author: Alessandro Ghedini
Author Date: 2018-10-30 21:39:11 UTC

Import patches-applied version 7.52.1-5+deb9u8 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 9eee3823b3eee8d31956c02785ef6092acb9ed0c
Unapplied parent: 85db53e8de9cccae08bdcceec1cb7c436bb7ab30

New changelog entries:
  * Fix SASL password overflow via integer overflow as per CVE-2018-16839
    https://curl.haxx.se/docs/CVE-2018-16839.html
  * Fix warning message out-of-buffer read as per CVE-2018-16842
    https://curl.haxx.se/docs/CVE-2018-16842.html
  * Fix NTLM password overflow via integer overflow as per CVE-2018-14618
    https://curl.haxx.se/docs/CVE-2018-14618.html

debian/stretch 2018-11-10 16:56:13 UTC 2018-11-10
Import patches-unapplied version 7.52.1-5+deb9u8 to debian/stretch

Author: Alessandro Ghedini
Author Date: 2018-10-30 21:39:11 UTC

Import patches-unapplied version 7.52.1-5+deb9u8 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: fabfc76e8299dd12d53c78daa4318bbe84f1386b

New changelog entries:
  * Fix SASL password overflow via integer overflow as per CVE-2018-16839
    https://curl.haxx.se/docs/CVE-2018-16839.html
  * Fix warning message out-of-buffer read as per CVE-2018-16842
    https://curl.haxx.se/docs/CVE-2018-16842.html
  * Fix NTLM password overflow via integer overflow as per CVE-2018-14618
    https://curl.haxx.se/docs/CVE-2018-14618.html

applied/debian/buster 2018-11-01 04:29:34 UTC 2018-11-01
Import patches-applied version 7.62.0-1 to applied/debian/sid

Author: Alessandro Ghedini
Author Date: 2018-10-31 22:42:44 UTC

Import patches-applied version 7.62.0-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 968c1d5e34b1fa945c39a5a7aae9de4111d8bc08
Unapplied parent: dae796664de6578012fc48c59face52170a2ea38

New changelog entries:
  * New upstream release
    + Fix NTLM password overflow via integer overflow as per CVE-2018-14618
      (Closes: #908327) https://curl.haxx.se/docs/CVE-2018-14618.html
    + Fix SASL password overflow via integer overflow as per CVE-2018-16839
      https://curl.haxx.se/docs/CVE-2018-16839.html
    + Fix use-after-free in handle close as per CVE-2018-16840
      https://curl.haxx.se/docs/CVE-2018-16840.html
    + Fix warning message out-of-buffer read as per CVE-2018-16842
      https://curl.haxx.se/docs/CVE-2018-16842.html
    + Fix broken terminal output (closes: #911333)
  * Refresh patches
  * Add 12_fix-runtests-curl.patch to fix running curl in tests

debian/buster 2018-11-01 04:29:34 UTC 2018-11-01
Import patches-unapplied version 7.62.0-1 to debian/sid

Author: Alessandro Ghedini
Author Date: 2018-10-31 22:42:44 UTC

Import patches-unapplied version 7.62.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d01bb3995bacebb128796f811b9145df55d40906

New changelog entries:
  * New upstream release
    + Fix NTLM password overflow via integer overflow as per CVE-2018-14618
      (Closes: #908327) https://curl.haxx.se/docs/CVE-2018-14618.html
    + Fix SASL password overflow via integer overflow as per CVE-2018-16839
      https://curl.haxx.se/docs/CVE-2018-16839.html
    + Fix use-after-free in handle close as per CVE-2018-16840
      https://curl.haxx.se/docs/CVE-2018-16840.html
    + Fix warning message out-of-buffer read as per CVE-2018-16842
      https://curl.haxx.se/docs/CVE-2018-16842.html
    + Fix broken terminal output (closes: #911333)
  * Refresh patches
  * Add 12_fix-runtests-curl.patch to fix running curl in tests

applied/debian/sid 2018-11-01 04:29:34 UTC 2018-11-01
Import patches-applied version 7.62.0-1 to applied/debian/sid

Author: Alessandro Ghedini
Author Date: 2018-10-31 22:42:44 UTC

Import patches-applied version 7.62.0-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 968c1d5e34b1fa945c39a5a7aae9de4111d8bc08
Unapplied parent: dae796664de6578012fc48c59face52170a2ea38

New changelog entries:
  * New upstream release
    + Fix NTLM password overflow via integer overflow as per CVE-2018-14618
      (Closes: #908327) https://curl.haxx.se/docs/CVE-2018-14618.html
    + Fix SASL password overflow via integer overflow as per CVE-2018-16839
      https://curl.haxx.se/docs/CVE-2018-16839.html
    + Fix use-after-free in handle close as per CVE-2018-16840
      https://curl.haxx.se/docs/CVE-2018-16840.html
    + Fix warning message out-of-buffer read as per CVE-2018-16842
      https://curl.haxx.se/docs/CVE-2018-16842.html
    + Fix broken terminal output (closes: #911333)
  * Refresh patches
  * Add 12_fix-runtests-curl.patch to fix running curl in tests

debian/sid 2018-11-01 04:29:34 UTC 2018-11-01
Import patches-unapplied version 7.62.0-1 to debian/sid

Author: Alessandro Ghedini
Author Date: 2018-10-31 22:42:44 UTC

Import patches-unapplied version 7.62.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d01bb3995bacebb128796f811b9145df55d40906

New changelog entries:
  * New upstream release
    + Fix NTLM password overflow via integer overflow as per CVE-2018-14618
      (Closes: #908327) https://curl.haxx.se/docs/CVE-2018-14618.html
    + Fix SASL password overflow via integer overflow as per CVE-2018-16839
      https://curl.haxx.se/docs/CVE-2018-16839.html
    + Fix use-after-free in handle close as per CVE-2018-16840
      https://curl.haxx.se/docs/CVE-2018-16840.html
    + Fix warning message out-of-buffer read as per CVE-2018-16842
      https://curl.haxx.se/docs/CVE-2018-16842.html
    + Fix broken terminal output (closes: #911333)
  * Refresh patches
  * Add 12_fix-runtests-curl.patch to fix running curl in tests

importer/ubuntu/dsc 2018-10-31 20:46:42 UTC 2018-10-31
DSC file for 7.47.0-1ubuntu2.11

Author: Ubuntu Git Importer
Author Date: 2018-10-31 20:46:42 UTC

DSC file for 7.47.0-1ubuntu2.11

applied/ubuntu/trusty-security 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.35.0-1ubuntu2.19 to applied/ubuntu/trusty-se...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:15:06 UTC

Import patches-applied version 7.35.0-1ubuntu2.19 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 75fd66fedb67729eadfb7207d8bd28249f63c777
Unapplied parent: e5463394aca34f540d1ba1f408b373f76136d46b

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/bionic-devel 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.58.0-2ubuntu3.5 to ubuntu/bionic-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:10:57 UTC

Import patches-unapplied version 7.58.0-2ubuntu3.5 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: b8ade5c802760ed54e5ce0731530ac79f593609f

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/vauth/cleartext.c.
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/bionic-security 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.58.0-2ubuntu3.5 to ubuntu/bionic-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:10:57 UTC

Import patches-unapplied version 7.58.0-2ubuntu3.5 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: b8ade5c802760ed54e5ce0731530ac79f593609f

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/vauth/cleartext.c.
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/cosmic-updates 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 0f00114d5f691d4aae05fddc5fb1088f4f870ff2
Unapplied parent: 69b8704df97bd60af5f2b120c9eb842c2e47597a

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/cosmic-updates 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 3f21e79e0371cbd1a67a4157337e2b6c25f5b3a7

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/xenial-devel 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.47.0-1ubuntu2.11 to ubuntu/xenial-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:13:39 UTC

Import patches-unapplied version 7.47.0-1ubuntu2.11 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: b041e62f9cd4c530db1d120f639dc317edbb2eee

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/disco-devel 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 3f21e79e0371cbd1a67a4157337e2b6c25f5b3a7

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/cosmic-security 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 0f00114d5f691d4aae05fddc5fb1088f4f870ff2
Unapplied parent: 69b8704df97bd60af5f2b120c9eb842c2e47597a

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/xenial-devel 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.47.0-1ubuntu2.11 to applied/ubuntu/xenial-se...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:13:39 UTC

Import patches-applied version 7.47.0-1ubuntu2.11 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 6f93ed2e59fcf093909e5326b2bb14fd46e03ed8
Unapplied parent: 1fa35a81cdf88a7aab4039d49f28a1e57f67be99

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/trusty-devel 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.35.0-1ubuntu2.19 to applied/ubuntu/trusty-se...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:15:06 UTC

Import patches-applied version 7.35.0-1ubuntu2.19 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 75fd66fedb67729eadfb7207d8bd28249f63c777
Unapplied parent: e5463394aca34f540d1ba1f408b373f76136d46b

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/disco 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 0f00114d5f691d4aae05fddc5fb1088f4f870ff2
Unapplied parent: 69b8704df97bd60af5f2b120c9eb842c2e47597a

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/disco 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 3f21e79e0371cbd1a67a4157337e2b6c25f5b3a7

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/xenial-security 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.47.0-1ubuntu2.11 to ubuntu/xenial-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:13:39 UTC

Import patches-unapplied version 7.47.0-1ubuntu2.11 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: b041e62f9cd4c530db1d120f639dc317edbb2eee

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/bionic-security 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.58.0-2ubuntu3.5 to applied/ubuntu/bionic-sec...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:10:57 UTC

Import patches-applied version 7.58.0-2ubuntu3.5 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: a437f0010511582d1edb6655ce3d931c8caaf9be
Unapplied parent: 91be763d1f5eccfdea2e4ea9142d9a8dda05f41e

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/vauth/cleartext.c.
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/bionic-updates 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.58.0-2ubuntu3.5 to ubuntu/bionic-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:10:57 UTC

Import patches-unapplied version 7.58.0-2ubuntu3.5 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: b8ade5c802760ed54e5ce0731530ac79f593609f

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/vauth/cleartext.c.
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/xenial-updates 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.47.0-1ubuntu2.11 to applied/ubuntu/xenial-se...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:13:39 UTC

Import patches-applied version 7.47.0-1ubuntu2.11 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 6f93ed2e59fcf093909e5326b2bb14fd46e03ed8
Unapplied parent: 1fa35a81cdf88a7aab4039d49f28a1e57f67be99

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/xenial-security 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.47.0-1ubuntu2.11 to applied/ubuntu/xenial-se...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:13:39 UTC

Import patches-applied version 7.47.0-1ubuntu2.11 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 6f93ed2e59fcf093909e5326b2bb14fd46e03ed8
Unapplied parent: 1fa35a81cdf88a7aab4039d49f28a1e57f67be99

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/devel 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 3f21e79e0371cbd1a67a4157337e2b6c25f5b3a7

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/cosmic-devel 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 3f21e79e0371cbd1a67a4157337e2b6c25f5b3a7

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/bionic-updates 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.58.0-2ubuntu3.5 to applied/ubuntu/bionic-sec...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:10:57 UTC

Import patches-applied version 7.58.0-2ubuntu3.5 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: a437f0010511582d1edb6655ce3d931c8caaf9be
Unapplied parent: 91be763d1f5eccfdea2e4ea9142d9a8dda05f41e

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/vauth/cleartext.c.
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/bionic-devel 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.58.0-2ubuntu3.5 to applied/ubuntu/bionic-sec...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:10:57 UTC

Import patches-applied version 7.58.0-2ubuntu3.5 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: a437f0010511582d1edb6655ce3d931c8caaf9be
Unapplied parent: 91be763d1f5eccfdea2e4ea9142d9a8dda05f41e

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/vauth/cleartext.c.
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/trusty-updates 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.35.0-1ubuntu2.19 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:15:06 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.19 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: c779f5476b0780c46e59becbefa69e68ecaafcab

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/trusty-updates 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.35.0-1ubuntu2.19 to applied/ubuntu/trusty-se...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:15:06 UTC

Import patches-applied version 7.35.0-1ubuntu2.19 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 75fd66fedb67729eadfb7207d8bd28249f63c777
Unapplied parent: e5463394aca34f540d1ba1f408b373f76136d46b

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/devel 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 0f00114d5f691d4aae05fddc5fb1088f4f870ff2
Unapplied parent: 69b8704df97bd60af5f2b120c9eb842c2e47597a

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/disco-proposed 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 3f21e79e0371cbd1a67a4157337e2b6c25f5b3a7

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/xenial-updates 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.47.0-1ubuntu2.11 to ubuntu/xenial-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:13:39 UTC

Import patches-unapplied version 7.47.0-1ubuntu2.11 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: b041e62f9cd4c530db1d120f639dc317edbb2eee

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/disco-proposed 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 0f00114d5f691d4aae05fddc5fb1088f4f870ff2
Unapplied parent: 69b8704df97bd60af5f2b120c9eb842c2e47597a

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/trusty-devel 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.35.0-1ubuntu2.19 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:15:06 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.19 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: c779f5476b0780c46e59becbefa69e68ecaafcab

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/trusty-security 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.35.0-1ubuntu2.19 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:15:06 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.19 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: c779f5476b0780c46e59becbefa69e68ecaafcab

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/disco-devel 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 0f00114d5f691d4aae05fddc5fb1088f4f870ff2
Unapplied parent: 69b8704df97bd60af5f2b120c9eb842c2e47597a

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/cosmic-devel 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-applied version 7.61.0-1ubuntu2.2 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 0f00114d5f691d4aae05fddc5fb1088f4f870ff2
Unapplied parent: 69b8704df97bd60af5f2b120c9eb842c2e47597a

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

ubuntu/cosmic-security 2018-10-31 12:33:12 UTC 2018-10-31
Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2018-10-29 12:08:34 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 3f21e79e0371cbd1a67a4157337e2b6c25f5b3a7

New changelog entries:
  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: use-after-free in handle close
    - debian/patches/CVE-2018-16840.patch: fix issue in lib/url.c.
    - CVE-2018-16840
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

applied/ubuntu/cosmic-proposed 2018-10-01 17:37:03 UTC 2018-10-01
Import patches-applied version 7.61.0-1ubuntu2 to applied/ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-09-29 00:36:46 UTC

Import patches-applied version 7.61.0-1ubuntu2 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3e6c8006de9eefcb90bb5fdb9738a93219ccc7be
Unapplied parent: d18d419795b897df204c35936e4a88d900738534

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

ubuntu/cosmic 2018-10-01 17:37:03 UTC 2018-10-01
Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-09-29 00:36:46 UTC

Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 482fab373d269b80c5d12757917c9d24a3ccff9a

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

applied/ubuntu/cosmic 2018-10-01 17:37:03 UTC 2018-10-01
Import patches-applied version 7.61.0-1ubuntu2 to applied/ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-09-29 00:36:46 UTC

Import patches-applied version 7.61.0-1ubuntu2 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3e6c8006de9eefcb90bb5fdb9738a93219ccc7be
Unapplied parent: d18d419795b897df204c35936e4a88d900738534

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

ubuntu/cosmic-proposed 2018-10-01 17:37:03 UTC 2018-10-01
Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-09-29 00:36:46 UTC

Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 482fab373d269b80c5d12757917c9d24a3ccff9a

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

ubuntu/artful-updates 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 12b3ad5049beecc88556ca1100eb1250ddec29b6

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/ubuntu/artful-updates 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 49ff3a5682b92ad7e74aa5f109ca787969c3f6bb
Unapplied parent: 3fbeba7b89feec5cd4d3495b70d7d322633c31e0

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/ubuntu/artful-security 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 49ff3a5682b92ad7e74aa5f109ca787969c3f6bb
Unapplied parent: 3fbeba7b89feec5cd4d3495b70d7d322633c31e0

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/ubuntu/artful-devel 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 49ff3a5682b92ad7e74aa5f109ca787969c3f6bb
Unapplied parent: 3fbeba7b89feec5cd4d3495b70d7d322633c31e0

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

ubuntu/artful-devel 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 12b3ad5049beecc88556ca1100eb1250ddec29b6

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

ubuntu/artful-security 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 12b3ad5049beecc88556ca1100eb1250ddec29b6

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/debian/jessie 2018-06-23 17:07:02 UTC 2018-06-23
Import patches-applied version 7.38.0-4+deb8u11 to applied/debian/jessie

Author: Alessandro Ghedini
Author Date: 2018-05-15 22:05:31 UTC

Import patches-applied version 7.38.0-4+deb8u11 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: 01125cbd2b9c8e2d6c86fdb934d9c80a7b53459e
Unapplied parent: 896568dac13c1d39e82ca3db9239d1daddf9688f

New changelog entries:
  * Fix heap buffer over-read when parsing bad RTSP headers
    as per CVE-2018-1000301
    https://curl.haxx.se/docs/adv_2018-b138.html
  * Fix NIL byte out of bounds write due to FTP path trickery
    as per CVE-2018-1000120
    https://curl.haxx.se/docs/adv_2018-9cd6.html
  * Fix LDAP NULL pointer dereference as per CVE-2018-1000121
    https://curl.haxx.se/docs/adv_2018-97a2.html
  * Fix RTSP RTP buffer over-read as per CVE-2018-1000122
    https://curl.haxx.se/docs/adv_2018-b047.html
  * Fix HTTP authentication leak in redirects as per CVE-2018-1000007
    https://curl.haxx.se/docs/adv_2018-b3bf.html

debian/jessie 2018-06-23 17:07:02 UTC 2018-06-23
Import patches-unapplied version 7.38.0-4+deb8u11 to debian/jessie

Author: Alessandro Ghedini
Author Date: 2018-05-15 22:05:31 UTC

Import patches-unapplied version 7.38.0-4+deb8u11 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: d0b32955476198b6eb5cf4535e2ab8663725ef56

New changelog entries:
  * Fix heap buffer over-read when parsing bad RTSP headers
    as per CVE-2018-1000301
    https://curl.haxx.se/docs/adv_2018-b138.html
  * Fix NIL byte out of bounds write due to FTP path trickery
    as per CVE-2018-1000120
    https://curl.haxx.se/docs/adv_2018-9cd6.html
  * Fix LDAP NULL pointer dereference as per CVE-2018-1000121
    https://curl.haxx.se/docs/adv_2018-97a2.html
  * Fix RTSP RTP buffer over-read as per CVE-2018-1000122
    https://curl.haxx.se/docs/adv_2018-b047.html
  * Fix HTTP authentication leak in redirects as per CVE-2018-1000007
    https://curl.haxx.se/docs/adv_2018-b3bf.html

applied/ubuntu/bionic 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 7fa8f1972c276bcaff0b13f090b1faa57cff6ba7
Unapplied parent: eec455701a6e4f0ef4fdd094874a5041fa46cce5

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

ubuntu/bionic 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f25607eb36d17cb4a9f0dcbcdca945b7af107a0c

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

ubuntu/bionic-proposed 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f25607eb36d17cb4a9f0dcbcdca945b7af107a0c

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

applied/ubuntu/bionic-proposed 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 7fa8f1972c276bcaff0b13f090b1faa57cff6ba7
Unapplied parent: eec455701a6e4f0ef4fdd094874a5041fa46cce5

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

importer/ubuntu/pristine-tar 2018-03-07 06:22:20 UTC 2018-03-07
pristine-tar data for curl_7.58.0.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-07 06:22:20 UTC

pristine-tar data for curl_7.58.0.orig.tar.gz

importer/debian/pristine-tar 2018-03-07 04:55:25 UTC 2018-03-07
pristine-tar data for curl_7.58.0.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-07 04:55:25 UTC

pristine-tar data for curl_7.58.0.orig.tar.gz

applied/debian/experimental 2018-03-01 16:25:54 UTC 2018-03-01
Import patches-applied version 7.58.0-3 to applied/debian/experimental

Author: Alessandro Ghedini
Author Date: 2018-02-27 21:16:17 UTC

Import patches-applied version 7.58.0-3 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 6c38275215b190748bc29ab469e21f25c1e0b117
Unapplied parent: bbc08c0a3529eeb41989fb7666ad40f94d194ed8

New changelog entries:
  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds. Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

debian/experimental 2018-03-01 16:25:54 UTC 2018-03-01
Import patches-unapplied version 7.58.0-3 to debian/experimental

Author: Alessandro Ghedini
Author Date: 2018-02-27 21:16:17 UTC

Import patches-unapplied version 7.58.0-3 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 7371b12a752baa1b3e36daffb2bedea042f87727

New changelog entries:
  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds. Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

applied/ubuntu/zesty-devel 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1ef5bc970468bc01e9c132f84c67e24cea353b11
Unapplied parent: 26f282a1ab0fadf79d176f51ece76eed7af46e4c

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

ubuntu/zesty-devel 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 3946fe11e85c6c2f99764e9df54f1eda8610491a

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

applied/ubuntu/zesty-security 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1ef5bc970468bc01e9c132f84c67e24cea353b11
Unapplied parent: 26f282a1ab0fadf79d176f51ece76eed7af46e4c

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

applied/ubuntu/zesty-updates 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1ef5bc970468bc01e9c132f84c67e24cea353b11
Unapplied parent: 26f282a1ab0fadf79d176f51ece76eed7af46e4c

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

ubuntu/zesty-security 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 3946fe11e85c6c2f99764e9df54f1eda8610491a

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

ubuntu/zesty-updates 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 3946fe11e85c6c2f99764e9df54f1eda8610491a

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

applied/ubuntu/artful-proposed 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: eb77e6f3d194834f386438e4bc9fc5b761e789c1
Unapplied parent: d6ae0b607b3075ebdca14be78824b5f2e90b1067

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

applied/ubuntu/artful 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: eb77e6f3d194834f386438e4bc9fc5b761e789c1
Unapplied parent: d6ae0b607b3075ebdca14be78824b5f2e90b1067

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

ubuntu/artful 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 77981d8206026856a3f250d24883c5fb930d115e

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

ubuntu/artful-proposed 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 77981d8206026856a3f250d24883c5fb930d115e

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

applied/ubuntu/zesty 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 518b35a58900e5d5f6d4aacf0560cc129a504c1c
Unapplied parent: 285258982943160e48da1e86acf4926e19e5c9dc

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

applied/ubuntu/zesty-proposed 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 518b35a58900e5d5f6d4aacf0560cc129a504c1c
Unapplied parent: 285258982943160e48da1e86acf4926e19e5c9dc

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

ubuntu/zesty 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: dd837796fb533d4d814394d9f0851edbf065386b

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

ubuntu/zesty-proposed 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: dd837796fb533d4d814394d9f0851edbf065386b

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

applied/ubuntu/yakkety-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: c874536614845812ed910c97ec8b7b80081fe361
Unapplied parent: f8d04396c5f162f0a49a723c9ad957a2742182a1

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/yakkety-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: c874536614845812ed910c97ec8b7b80081fe361
Unapplied parent: f8d04396c5f162f0a49a723c9ad957a2742182a1

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/yakkety-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: c874536614845812ed910c97ec8b7b80081fe361
Unapplied parent: f8d04396c5f162f0a49a723c9ad957a2742182a1

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/precise-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: fd7a144ec90e701df6183187bc2511666ea3ef6d
Unapplied parent: 8d478b69d673f2d5b70941708aed7effd946ab45

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/precise-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: fd7a144ec90e701df6183187bc2511666ea3ef6d
Unapplied parent: 8d478b69d673f2d5b70941708aed7effd946ab45

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/yakkety-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 753b89cc7839375e8ce5ba344e0e8ae9d3bfd2da

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/yakkety-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 753b89cc7839375e8ce5ba344e0e8ae9d3bfd2da

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/precise-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b51c5cd554802e4a24197a78cfb6cdb987e57c5c

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/precise-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b51c5cd554802e4a24197a78cfb6cdb987e57c5c

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/precise-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b51c5cd554802e4a24197a78cfb6cdb987e57c5c

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/yakkety-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 753b89cc7839375e8ce5ba344e0e8ae9d3bfd2da

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/precise-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: fd7a144ec90e701df6183187bc2511666ea3ef6d
Unapplied parent: 8d478b69d673f2d5b70941708aed7effd946ab45

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/trusty-proposed 2016-08-31 16:24:27 UTC 2016-08-31
Import patches-unapplied version 7.35.0-1ubuntu2.9 to ubuntu/trusty-proposed

Author: Gianfranco Costamagna
Author Date: 2016-08-28 19:27:34 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.9 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 0c4dec9eaecaba6ee5e057990e55d2475bc5442f

New changelog entries:
  [ Joe Afflerbach ]
  * debian/patches/curl-chunk-fix.patch:
    - fix problem with chunked encoded data (LP: #1613698)

applied/ubuntu/trusty-proposed 2016-08-31 16:24:27 UTC 2016-08-31
Import patches-applied version 7.35.0-1ubuntu2.9 to applied/ubuntu/trusty-pro...

Author: Gianfranco Costamagna
Author Date: 2016-08-28 19:27:34 UTC

Import patches-applied version 7.35.0-1ubuntu2.9 to applied/ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: aefa5bf5a4c9f3d0202667f8a6d189b9d656cc3a
Unapplied parent: 109fe039e21ebd865d3177d2c78e2707434ebd17

New changelog entries:
  [ Joe Afflerbach ]
  * debian/patches/curl-chunk-fix.patch:
    - fix problem with chunked encoded data (LP: #1613698)

applied/ubuntu/yakkety-proposed 2016-08-03 15:59:35 UTC 2016-08-03
Import patches-applied version 7.50.1-1ubuntu1 to applied/ubuntu/yakkety-prop...

Author: Gianfranco Costamagna
Author Date: 2016-08-03 13:29:21 UTC

Import patches-applied version 7.50.1-1ubuntu1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: e6250073c1ab4544a30431ac3315400fa664ec44
Unapplied parent: afba32c215c0d4c43297dbed8959b4adaa5ffd6d

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2
  * Drop libgnutls28-dev change, the rename didn't happen in Debian
  * Readd stunnel build dependency, we can build-depend from
    universe now.

applied/ubuntu/yakkety 2016-08-03 15:59:35 UTC 2016-08-03
Import patches-applied version 7.50.1-1ubuntu1 to applied/ubuntu/yakkety-prop...

Author: Gianfranco Costamagna
Author Date: 2016-08-03 13:29:21 UTC

Import patches-applied version 7.50.1-1ubuntu1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: e6250073c1ab4544a30431ac3315400fa664ec44
Unapplied parent: afba32c215c0d4c43297dbed8959b4adaa5ffd6d

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2
  * Drop libgnutls28-dev change, the rename didn't happen in Debian
  * Readd stunnel build dependency, we can build-depend from
    universe now.

ubuntu/yakkety-proposed 2016-08-03 15:59:35 UTC 2016-08-03
Import patches-unapplied version 7.50.1-1ubuntu1 to ubuntu/yakkety-proposed

Author: Gianfranco Costamagna
Author Date: 2016-08-03 13:29:21 UTC

Import patches-unapplied version 7.50.1-1ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 66b33c5f29c1408e27467e38ecd7c7b31dd66572

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2
  * Drop libgnutls28-dev change, the rename didn't happen in Debian
  * Readd stunnel build dependency, we can build-depend from
    universe now.

ubuntu/yakkety 2016-08-03 15:59:35 UTC 2016-08-03
Import patches-unapplied version 7.50.1-1ubuntu1 to ubuntu/yakkety-proposed

Author: Gianfranco Costamagna
Author Date: 2016-08-03 13:29:21 UTC

Import patches-unapplied version 7.50.1-1ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 66b33c5f29c1408e27467e38ecd7c7b31dd66572

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2
  * Drop libgnutls28-dev change, the rename didn't happen in Debian
  * Readd stunnel build dependency, we can build-depend from
    universe now.

applied/ubuntu/xenial 2016-02-18 07:59:15 UTC 2016-02-18
Import patches-applied version 7.47.0-1ubuntu2 to applied/ubuntu/xenial-proposed

Author: Matthias Klose
Author Date: 2016-02-17 22:40:53 UTC

Import patches-applied version 7.47.0-1ubuntu2 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 953a14452cfc2aa3c8a1cbee488527c18e0994ff
Unapplied parent: ec0c316ef41b5ffafeb837447d5520d66d7cc223

New changelog entries:
  * No-change rebuild for gnutls transition.

ubuntu/xenial-proposed 2016-02-18 07:59:15 UTC 2016-02-18
Import patches-unapplied version 7.47.0-1ubuntu2 to ubuntu/xenial-proposed

Author: Matthias Klose
Author Date: 2016-02-17 22:40:53 UTC

Import patches-unapplied version 7.47.0-1ubuntu2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: f1bee65f395107446f35f5d2d8199e6b4b2dd167

New changelog entries:
  * No-change rebuild for gnutls transition.

ubuntu/xenial 2016-02-18 07:59:15 UTC 2016-02-18
Import patches-unapplied version 7.47.0-1ubuntu2 to ubuntu/xenial-proposed

Author: Matthias Klose
Author Date: 2016-02-17 22:40:53 UTC

Import patches-unapplied version 7.47.0-1ubuntu2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: f1bee65f395107446f35f5d2d8199e6b4b2dd167

New changelog entries:
  * No-change rebuild for gnutls transition.

applied/ubuntu/xenial-proposed 2016-02-18 07:59:15 UTC 2016-02-18
Import patches-applied version 7.47.0-1ubuntu2 to applied/ubuntu/xenial-proposed

Author: Matthias Klose
Author Date: 2016-02-17 22:40:53 UTC

Import patches-applied version 7.47.0-1ubuntu2 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 953a14452cfc2aa3c8a1cbee488527c18e0994ff
Unapplied parent: ec0c316ef41b5ffafeb837447d5520d66d7cc223

New changelog entries:
  * No-change rebuild for gnutls transition.

applied/ubuntu/wily-devel 2016-01-27 19:04:13 UTC 2016-01-27
Import patches-applied version 7.43.0-1ubuntu2.1 to applied/ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-01-26 14:50:28 UTC

Import patches-applied version 7.43.0-1ubuntu2.1 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: e3cfecec5c50110f60071096f5bca96c386a9610
Unapplied parent: 647a5a158c8a69e5e740eb48b31257f089f57e38

New changelog entries:
  * SECURITY UPDATE: NTLM credentials not-checked for proxy connection
    re-use
    - debian/patches/CVE-2016-0755.patch: fix ConnectionExists to compare
      Proxy credentials in lib/url.c.
    - CVE-2016-0755

ubuntu/wily-security 2016-01-27 19:04:13 UTC 2016-01-27
Import patches-unapplied version 7.43.0-1ubuntu2.1 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-01-26 14:50:28 UTC

Import patches-unapplied version 7.43.0-1ubuntu2.1 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 4f3222dabb16e01f90d1a39c6f7dc694a95bb803

New changelog entries:
  * SECURITY UPDATE: NTLM credentials not-checked for proxy connection
    re-use
    - debian/patches/CVE-2016-0755.patch: fix ConnectionExists to compare
      Proxy credentials in lib/url.c.
    - CVE-2016-0755

ubuntu/wily-updates 2016-01-27 19:04:13 UTC 2016-01-27
Import patches-unapplied version 7.43.0-1ubuntu2.1 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-01-26 14:50:28 UTC

Import patches-unapplied version 7.43.0-1ubuntu2.1 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 4f3222dabb16e01f90d1a39c6f7dc694a95bb803

New changelog entries:
  * SECURITY UPDATE: NTLM credentials not-checked for proxy connection
    re-use
    - debian/patches/CVE-2016-0755.patch: fix ConnectionExists to compare
      Proxy credentials in lib/url.c.
    - CVE-2016-0755

applied/ubuntu/vivid-security 2016-01-27 19:04:13 UTC 2016-01-27
Import patches-applied version 7.38.0-3ubuntu2.3 to applied/ubuntu/vivid-secu...

Author: Marc Deslauriers
Author Date: 2016-01-26 15:02:06 UTC

Import patches-applied version 7.38.0-3ubuntu2.3 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: b4169612340541eb1467ab5e6fb4d0033209b767
Unapplied parent: 05701315036ca7e6d41b5d1df00c3f1aca74d997

New changelog entries:
  * SECURITY UPDATE: NTLM credentials not-checked for proxy connection
    re-use
    - debian/patches/CVE-2016-0755.patch: fix ConnectionExists to compare
      Proxy credentials in lib/url.c.
    - CVE-2016-0755

1100 of 284 results

Other repositories

Name Last Modified
lp:ubuntu/+source/curl 2018-12-01
lp:~paelzer/ubuntu/+source/curl 2017-12-07
12 of 2 results
You can't create new repositories for curl in Ubuntu.