Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this repository.

Branches

Name Last Modified Last Commit
importer/debian/dsc 2019-12-01 22:43:11 UTC 2019-12-01
DSC file for 7.67.0-2

Author: Ubuntu Git Importer
Author Date: 2019-12-01 22:43:11 UTC

DSC file for 7.67.0-2

applied/debian/sid 2019-12-01 22:28:17 UTC 2019-12-01
Import patches-applied version 7.67.0-2 to applied/debian/sid

Author: Alessandro Ghedini
Author Date: 2019-12-01 13:29:28 UTC

Import patches-applied version 7.67.0-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5135de22a35ce7beb2097b6ba804627879b9a689
Unapplied parent: 35d70984bc78445db887cb91eef5d7bf867f4fde

New changelog entries:
  * Restore :native annotation for python3 Build-Depends.
    Thanks to Helmut Grohne for the patch (Closes: #945928)

debian/sid 2019-12-01 22:28:17 UTC 2019-12-01
Import patches-unapplied version 7.67.0-2 to debian/sid

Author: Alessandro Ghedini
Author Date: 2019-12-01 13:29:28 UTC

Import patches-unapplied version 7.67.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0ced160c339c26597c6143a486721409b168ff69

New changelog entries:
  * Restore :native annotation for python3 Build-Depends.
    Thanks to Helmut Grohne for the patch (Closes: #945928)

importer/ubuntu/dsc 2019-11-13 01:31:41 UTC 2019-11-13
DSC file for 7.66.0-1ubuntu1

Author: Ubuntu Git Importer
Author Date: 2019-11-13 01:31:41 UTC

DSC file for 7.66.0-1ubuntu1

applied/ubuntu/focal-proposed 2019-11-13 01:28:47 UTC 2019-11-13
Import patches-applied version 7.66.0-1ubuntu1 to applied/ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2019-11-13 01:05:51 UTC

Import patches-applied version 7.66.0-1ubuntu1 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 9b14e22ea758ce70dcea9e409ca362fd11238dc9
Unapplied parent: 807a601c55b9e51daf5345d87fca79b30f75423f

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/control, debian/rules: build with libssh instead of libssh2.
  * Dropped changes, included upstream:
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
       double-free on large memory allocation failures
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c

applied/ubuntu/devel 2019-11-13 01:28:47 UTC 2019-11-13
Import patches-applied version 7.66.0-1ubuntu1 to applied/ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2019-11-13 01:05:51 UTC

Import patches-applied version 7.66.0-1ubuntu1 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 9b14e22ea758ce70dcea9e409ca362fd11238dc9
Unapplied parent: 807a601c55b9e51daf5345d87fca79b30f75423f

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/control, debian/rules: build with libssh instead of libssh2.
  * Dropped changes, included upstream:
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
       double-free on large memory allocation failures
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c

ubuntu/focal-devel 2019-11-13 01:28:47 UTC 2019-11-13
Import patches-unapplied version 7.66.0-1ubuntu1 to ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2019-11-13 01:05:51 UTC

Import patches-unapplied version 7.66.0-1ubuntu1 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: cca9cb1278a6347bf4290d7c00bf61b258162dc9

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/control, debian/rules: build with libssh instead of libssh2.
  * Dropped changes, included upstream:
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
       double-free on large memory allocation failures
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c

applied/ubuntu/focal-devel 2019-11-13 01:28:47 UTC 2019-11-13
Import patches-applied version 7.66.0-1ubuntu1 to applied/ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2019-11-13 01:05:51 UTC

Import patches-applied version 7.66.0-1ubuntu1 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 9b14e22ea758ce70dcea9e409ca362fd11238dc9
Unapplied parent: 807a601c55b9e51daf5345d87fca79b30f75423f

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/control, debian/rules: build with libssh instead of libssh2.
  * Dropped changes, included upstream:
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
       double-free on large memory allocation failures
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c

ubuntu/focal-proposed 2019-11-13 01:28:47 UTC 2019-11-13
Import patches-unapplied version 7.66.0-1ubuntu1 to ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2019-11-13 01:05:51 UTC

Import patches-unapplied version 7.66.0-1ubuntu1 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: cca9cb1278a6347bf4290d7c00bf61b258162dc9

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/control, debian/rules: build with libssh instead of libssh2.
  * Dropped changes, included upstream:
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
       double-free on large memory allocation failures
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c

ubuntu/devel 2019-11-13 01:28:47 UTC 2019-11-13
Import patches-unapplied version 7.66.0-1ubuntu1 to ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2019-11-13 01:05:51 UTC

Import patches-unapplied version 7.66.0-1ubuntu1 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: cca9cb1278a6347bf4290d7c00bf61b258162dc9

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/control, debian/rules: build with libssh instead of libssh2.
  * Dropped changes, included upstream:
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
       double-free on large memory allocation failures
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c

ubuntu/focal 2019-10-31 22:13:13 UTC 2019-10-31
Import patches-unapplied version 7.65.3-1ubuntu4 to ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2019-10-31 22:10:02 UTC

Import patches-unapplied version 7.65.3-1ubuntu4 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: a2668356e9bffe297a80f8b0aa2c5e9df31cd932

New changelog entries:
  * No-change rebuild against libnettle7

applied/ubuntu/focal 2019-10-31 22:13:13 UTC 2019-10-31
Import patches-applied version 7.65.3-1ubuntu4 to applied/ubuntu/focal-proposed

Author: Steve Langasek
Author Date: 2019-10-31 22:10:02 UTC

Import patches-applied version 7.65.3-1ubuntu4 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 98697019faed81db224c9a5643cd86e350d007b5
Unapplied parent: 55e934ff0c03d7af39f58c0a48a7910fa82af87a

New changelog entries:
  * No-change rebuild against libnettle7

applied/ubuntu/eoan-proposed 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 6da31b8f6de9e2c7811783945c2ea930b1de37d5
Unapplied parent: c32c59e593557ae4ceae291a88b6714c53875018

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/eoan-proposed 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 025797b055a7ab8ea00e7c8fcbca8412c23376fc

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/eoan 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 025797b055a7ab8ea00e7c8fcbca8412c23376fc

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/eoan-devel 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 025797b055a7ab8ea00e7c8fcbca8412c23376fc

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/eoan 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 6da31b8f6de9e2c7811783945c2ea930b1de37d5
Unapplied parent: c32c59e593557ae4ceae291a88b6714c53875018

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/eoan-devel 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 6da31b8f6de9e2c7811783945c2ea930b1de37d5
Unapplied parent: c32c59e593557ae4ceae291a88b6714c53875018

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/disco-devel 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.64.0-2ubuntu1.2 to applied/ubuntu/disco-secu...

Author: Alex Murray
Author Date: 2019-09-06 05:20:00 UTC

Import patches-applied version 7.64.0-2ubuntu1.2 to applied/ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: dccf98ef134849d5f9265d0365db17c3d7aa73a4
Unapplied parent: 2d4adbf84b8cbe16d34bdca4ac5ede5881534776

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/xenial-security 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.47.0-1ubuntu2.14 to applied/ubuntu/xenial-se...

Author: Alex Murray
Author Date: 2019-09-06 05:30:31 UTC

Import patches-applied version 7.47.0-1ubuntu2.14 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: dbb3afb8f015476824c22d84cbcd6c453f742885
Unapplied parent: 46bd4dd600f86dc7d3526e57d52a6137ee48a38e

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/bionic-devel 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.58.0-2ubuntu3.8 to ubuntu/bionic-security

Author: Alex Murray
Author Date: 2019-09-06 05:27:21 UTC

Import patches-unapplied version 7.58.0-2ubuntu3.8 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 6e076cee6ce9f5a88a154f9c180377f52761fc60

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/bionic-security 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.58.0-2ubuntu3.8 to applied/ubuntu/bionic-sec...

Author: Alex Murray
Author Date: 2019-09-06 05:27:21 UTC

Import patches-applied version 7.58.0-2ubuntu3.8 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 298b3763eb258451e747906512dfe977363ff474
Unapplied parent: c62981b29b64fa1154be20ef4773f0e2ae432502

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/xenial-devel 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.47.0-1ubuntu2.14 to ubuntu/xenial-security

Author: Alex Murray
Author Date: 2019-09-06 05:30:31 UTC

Import patches-unapplied version 7.47.0-1ubuntu2.14 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: f447e332723f0a54454918ac3ac7449e1d08727e

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/bionic-security 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.58.0-2ubuntu3.8 to ubuntu/bionic-security

Author: Alex Murray
Author Date: 2019-09-06 05:27:21 UTC

Import patches-unapplied version 7.58.0-2ubuntu3.8 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 6e076cee6ce9f5a88a154f9c180377f52761fc60

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/bionic-updates 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.58.0-2ubuntu3.8 to applied/ubuntu/bionic-sec...

Author: Alex Murray
Author Date: 2019-09-06 05:27:21 UTC

Import patches-applied version 7.58.0-2ubuntu3.8 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 298b3763eb258451e747906512dfe977363ff474
Unapplied parent: c62981b29b64fa1154be20ef4773f0e2ae432502

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/disco-updates 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.64.0-2ubuntu1.2 to applied/ubuntu/disco-secu...

Author: Alex Murray
Author Date: 2019-09-06 05:20:00 UTC

Import patches-applied version 7.64.0-2ubuntu1.2 to applied/ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: dccf98ef134849d5f9265d0365db17c3d7aa73a4
Unapplied parent: 2d4adbf84b8cbe16d34bdca4ac5ede5881534776

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/xenial-updates 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.47.0-1ubuntu2.14 to applied/ubuntu/xenial-se...

Author: Alex Murray
Author Date: 2019-09-06 05:30:31 UTC

Import patches-applied version 7.47.0-1ubuntu2.14 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: dbb3afb8f015476824c22d84cbcd6c453f742885
Unapplied parent: 46bd4dd600f86dc7d3526e57d52a6137ee48a38e

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/xenial-devel 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.47.0-1ubuntu2.14 to applied/ubuntu/xenial-se...

Author: Alex Murray
Author Date: 2019-09-06 05:30:31 UTC

Import patches-applied version 7.47.0-1ubuntu2.14 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: dbb3afb8f015476824c22d84cbcd6c453f742885
Unapplied parent: 46bd4dd600f86dc7d3526e57d52a6137ee48a38e

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/disco-devel 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.64.0-2ubuntu1.2 to ubuntu/disco-security

Author: Alex Murray
Author Date: 2019-09-06 05:20:00 UTC

Import patches-unapplied version 7.64.0-2ubuntu1.2 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: b3f3a3861ec95247b8ae426d30a9f5bf49527bb1

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/xenial-updates 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.47.0-1ubuntu2.14 to ubuntu/xenial-security

Author: Alex Murray
Author Date: 2019-09-06 05:30:31 UTC

Import patches-unapplied version 7.47.0-1ubuntu2.14 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: f447e332723f0a54454918ac3ac7449e1d08727e

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/disco-updates 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.64.0-2ubuntu1.2 to ubuntu/disco-security

Author: Alex Murray
Author Date: 2019-09-06 05:20:00 UTC

Import patches-unapplied version 7.64.0-2ubuntu1.2 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: b3f3a3861ec95247b8ae426d30a9f5bf49527bb1

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/bionic-updates 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.58.0-2ubuntu3.8 to ubuntu/bionic-security

Author: Alex Murray
Author Date: 2019-09-06 05:27:21 UTC

Import patches-unapplied version 7.58.0-2ubuntu3.8 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 6e076cee6ce9f5a88a154f9c180377f52761fc60

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/xenial-security 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.47.0-1ubuntu2.14 to ubuntu/xenial-security

Author: Alex Murray
Author Date: 2019-09-06 05:30:31 UTC

Import patches-unapplied version 7.47.0-1ubuntu2.14 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: f447e332723f0a54454918ac3ac7449e1d08727e

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/disco-security 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.64.0-2ubuntu1.2 to applied/ubuntu/disco-secu...

Author: Alex Murray
Author Date: 2019-09-06 05:20:00 UTC

Import patches-applied version 7.64.0-2ubuntu1.2 to applied/ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: dccf98ef134849d5f9265d0365db17c3d7aa73a4
Unapplied parent: 2d4adbf84b8cbe16d34bdca4ac5ede5881534776

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/disco-security 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.64.0-2ubuntu1.2 to ubuntu/disco-security

Author: Alex Murray
Author Date: 2019-09-06 05:20:00 UTC

Import patches-unapplied version 7.64.0-2ubuntu1.2 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: b3f3a3861ec95247b8ae426d30a9f5bf49527bb1

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/bionic-devel 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.58.0-2ubuntu3.8 to applied/ubuntu/bionic-sec...

Author: Alex Murray
Author Date: 2019-09-06 05:27:21 UTC

Import patches-applied version 7.58.0-2ubuntu3.8 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 298b3763eb258451e747906512dfe977363ff474
Unapplied parent: c62981b29b64fa1154be20ef4773f0e2ae432502

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

debian/buster 2019-06-15 04:27:38 UTC 2019-06-15
Import patches-unapplied version 7.64.0-4 to debian/sid

Author: Alessandro Ghedini
Author Date: 2019-06-14 18:23:32 UTC

Import patches-unapplied version 7.64.0-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 961ba65d8a086ebf69f284c0e8e3ab831ef4c833

New changelog entries:
  * Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
    https://curl.haxx.se/docs/CVE-2019-5436.html
  * Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: #929352)
    https://curl.haxx.se/docs/CVE-2019-5435.html

applied/debian/buster 2019-06-15 04:27:38 UTC 2019-06-15
Import patches-applied version 7.64.0-4 to applied/debian/sid

Author: Alessandro Ghedini
Author Date: 2019-06-14 18:23:32 UTC

Import patches-applied version 7.64.0-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 0ce951d4aaf3b7760917e9e8a916608ed94121c8
Unapplied parent: d3b5dfea3b8901b1e44f818e4bd6574926880cc4

New changelog entries:
  * Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
    https://curl.haxx.se/docs/CVE-2019-5436.html
  * Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: #929352)
    https://curl.haxx.se/docs/CVE-2019-5435.html

applied/ubuntu/cosmic-devel 2019-06-07 09:48:18 UTC 2019-06-07
Import patches-applied version 7.61.0-1ubuntu2.5 to applied/ubuntu/cosmic-pro...

Author: Sebastien Bacher
Author Date: 2019-05-28 18:27:58 UTC

Import patches-applied version 7.61.0-1ubuntu2.5 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3ed9eb93477313bf04a5ad271759977d558fbb9e
Unapplied parent: 15613236464e0db30db2dce173efab6958930bb0

New changelog entries:
  * debian/patches/git_azure_devops.patch:
    - only ever pick CURLAUTH_BEARER if we *have* a Bearer token,
      should resolve issues using git on Azure DevOps (lp: #1805203)

ubuntu/cosmic-proposed 2019-06-07 09:48:18 UTC 2019-06-07
Import patches-unapplied version 7.61.0-1ubuntu2.5 to ubuntu/cosmic-proposed

Author: Sebastien Bacher
Author Date: 2019-05-28 18:27:58 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.5 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: ea93e767a5847ea4d19e426ef1042213b219673f

New changelog entries:
  * debian/patches/git_azure_devops.patch:
    - only ever pick CURLAUTH_BEARER if we *have* a Bearer token,
      should resolve issues using git on Azure DevOps (lp: #1805203)

applied/ubuntu/cosmic-proposed 2019-06-07 09:48:18 UTC 2019-06-07
Import patches-applied version 7.61.0-1ubuntu2.5 to applied/ubuntu/cosmic-pro...

Author: Sebastien Bacher
Author Date: 2019-05-28 18:27:58 UTC

Import patches-applied version 7.61.0-1ubuntu2.5 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3ed9eb93477313bf04a5ad271759977d558fbb9e
Unapplied parent: 15613236464e0db30db2dce173efab6958930bb0

New changelog entries:
  * debian/patches/git_azure_devops.patch:
    - only ever pick CURLAUTH_BEARER if we *have* a Bearer token,
      should resolve issues using git on Azure DevOps (lp: #1805203)

ubuntu/cosmic-devel 2019-06-07 09:48:18 UTC 2019-06-07
Import patches-unapplied version 7.61.0-1ubuntu2.5 to ubuntu/cosmic-proposed

Author: Sebastien Bacher
Author Date: 2019-05-28 18:27:58 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.5 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: ea93e767a5847ea4d19e426ef1042213b219673f

New changelog entries:
  * debian/patches/git_azure_devops.patch:
    - only ever pick CURLAUTH_BEARER if we *have* a Bearer token,
      should resolve issues using git on Azure DevOps (lp: #1805203)

ubuntu/cosmic-updates 2019-05-22 12:43:16 UTC 2019-05-22
Import patches-unapplied version 7.61.0-1ubuntu2.4 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2019-05-16 12:38:58 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.4 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 6a6aca778785b3f29a8580b5c9f914dd25f05693

New changelog entries:
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

applied/ubuntu/cosmic-updates 2019-05-22 12:43:16 UTC 2019-05-22
Import patches-applied version 7.61.0-1ubuntu2.4 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2019-05-16 12:38:58 UTC

Import patches-applied version 7.61.0-1ubuntu2.4 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 9954ba685d174786455af05940c413e61ab59ed2
Unapplied parent: e914c1fd5e9e3dc8d63fc8d976eb5776f5c2c845

New changelog entries:
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

applied/ubuntu/cosmic-security 2019-05-22 12:43:16 UTC 2019-05-22
Import patches-applied version 7.61.0-1ubuntu2.4 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2019-05-16 12:38:58 UTC

Import patches-applied version 7.61.0-1ubuntu2.4 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 9954ba685d174786455af05940c413e61ab59ed2
Unapplied parent: e914c1fd5e9e3dc8d63fc8d976eb5776f5c2c845

New changelog entries:
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

ubuntu/cosmic-security 2019-05-22 12:43:16 UTC 2019-05-22
Import patches-unapplied version 7.61.0-1ubuntu2.4 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2019-05-16 12:38:58 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.4 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 6a6aca778785b3f29a8580b5c9f914dd25f05693

New changelog entries:
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

ubuntu/disco-proposed 2019-04-05 22:18:10 UTC 2019-04-05
Import patches-unapplied version 7.64.0-2ubuntu1 to ubuntu/disco-proposed

Author: Gianfranco Costamagna
Author Date: 2019-04-05 15:50:51 UTC

Import patches-unapplied version 7.64.0-2ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 8adf12e02041b5ba0eced44c50e182c3fe24a0a8

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

ubuntu/disco 2019-04-05 22:18:10 UTC 2019-04-05
Import patches-unapplied version 7.64.0-2ubuntu1 to ubuntu/disco-proposed

Author: Gianfranco Costamagna
Author Date: 2019-04-05 15:50:51 UTC

Import patches-unapplied version 7.64.0-2ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 8adf12e02041b5ba0eced44c50e182c3fe24a0a8

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

applied/ubuntu/disco-proposed 2019-04-05 22:18:10 UTC 2019-04-05
Import patches-applied version 7.64.0-2ubuntu1 to applied/ubuntu/disco-proposed

Author: Gianfranco Costamagna
Author Date: 2019-04-05 15:50:51 UTC

Import patches-applied version 7.64.0-2ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: cbc04078deef87006a6d968599a8b1e6d35d0058
Unapplied parent: 2e7bb28c1eaaf183126c0a9d7648c64b13515d4d

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

applied/ubuntu/disco 2019-04-05 22:18:10 UTC 2019-04-05
Import patches-applied version 7.64.0-2ubuntu1 to applied/ubuntu/disco-proposed

Author: Gianfranco Costamagna
Author Date: 2019-04-05 15:50:51 UTC

Import patches-applied version 7.64.0-2ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: cbc04078deef87006a6d968599a8b1e6d35d0058
Unapplied parent: 2e7bb28c1eaaf183126c0a9d7648c64b13515d4d

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

applied/debian/stretch 2019-02-16 17:04:34 UTC 2019-02-16
Import patches-applied version 7.52.1-5+deb9u9 to applied/debian/stretch

Author: Alessandro Ghedini
Author Date: 2019-02-04 20:55:32 UTC

Import patches-applied version 7.52.1-5+deb9u9 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 4529e3e06a61b3a45eaabecd26175ea5d37c4725
Unapplied parent: 762c78527bc489d44ae08c93f8f8df9643a91cee

New changelog entries:
  * Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
    https://curl.haxx.se/docs/CVE-2018-16890.html
  * Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
    https://curl.haxx.se/docs/CVE-2019-3822.html
  * Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
    https://curl.haxx.se/docs/CVE-2019-3823.html

debian/stretch 2019-02-16 17:04:34 UTC 2019-02-16
Import patches-unapplied version 7.52.1-5+deb9u9 to debian/stretch

Author: Alessandro Ghedini
Author Date: 2019-02-04 20:55:32 UTC

Import patches-unapplied version 7.52.1-5+deb9u9 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 8e86840b3ef698de552c67f3a4711b949fd87130

New changelog entries:
  * Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
    https://curl.haxx.se/docs/CVE-2018-16890.html
  * Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
    https://curl.haxx.se/docs/CVE-2019-3822.html
  * Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
    https://curl.haxx.se/docs/CVE-2019-3823.html

applied/ubuntu/trusty-updates 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-se...

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 279d527f1bdd56cab5c7fe7cd890204a2e8f639c
Unapplied parent: 32be159a8c0360e6447346c39919a1d8ea7d9aae

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/trusty-updates 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0c81198a443bb1a3746e7cf6a34b7612e6380131

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/trusty-devel 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-se...

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 279d527f1bdd56cab5c7fe7cd890204a2e8f639c
Unapplied parent: 32be159a8c0360e6447346c39919a1d8ea7d9aae

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/trusty-devel 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0c81198a443bb1a3746e7cf6a34b7612e6380131

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/trusty-security 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0c81198a443bb1a3746e7cf6a34b7612e6380131

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/trusty-security 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-se...

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 279d527f1bdd56cab5c7fe7cd890204a2e8f639c
Unapplied parent: 32be159a8c0360e6447346c39919a1d8ea7d9aae

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/cosmic 2018-10-01 17:37:03 UTC 2018-10-01
Import patches-applied version 7.61.0-1ubuntu2 to applied/ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-09-29 00:36:46 UTC

Import patches-applied version 7.61.0-1ubuntu2 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3e6c8006de9eefcb90bb5fdb9738a93219ccc7be
Unapplied parent: d18d419795b897df204c35936e4a88d900738534

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

ubuntu/cosmic 2018-10-01 17:37:03 UTC 2018-10-01
Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-09-29 00:36:46 UTC

Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 482fab373d269b80c5d12757917c9d24a3ccff9a

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

ubuntu/artful-devel 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 12b3ad5049beecc88556ca1100eb1250ddec29b6

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/ubuntu/artful-updates 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 49ff3a5682b92ad7e74aa5f109ca787969c3f6bb
Unapplied parent: 3fbeba7b89feec5cd4d3495b70d7d322633c31e0

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/ubuntu/artful-security 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 49ff3a5682b92ad7e74aa5f109ca787969c3f6bb
Unapplied parent: 3fbeba7b89feec5cd4d3495b70d7d322633c31e0

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/ubuntu/artful-devel 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 49ff3a5682b92ad7e74aa5f109ca787969c3f6bb
Unapplied parent: 3fbeba7b89feec5cd4d3495b70d7d322633c31e0

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

ubuntu/artful-updates 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 12b3ad5049beecc88556ca1100eb1250ddec29b6

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

ubuntu/artful-security 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 12b3ad5049beecc88556ca1100eb1250ddec29b6

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/debian/jessie 2018-06-23 17:07:02 UTC 2018-06-23
Import patches-applied version 7.38.0-4+deb8u11 to applied/debian/jessie

Author: Alessandro Ghedini
Author Date: 2018-05-15 22:05:31 UTC

Import patches-applied version 7.38.0-4+deb8u11 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: 01125cbd2b9c8e2d6c86fdb934d9c80a7b53459e
Unapplied parent: 896568dac13c1d39e82ca3db9239d1daddf9688f

New changelog entries:
  * Fix heap buffer over-read when parsing bad RTSP headers
    as per CVE-2018-1000301
    https://curl.haxx.se/docs/adv_2018-b138.html
  * Fix NIL byte out of bounds write due to FTP path trickery
    as per CVE-2018-1000120
    https://curl.haxx.se/docs/adv_2018-9cd6.html
  * Fix LDAP NULL pointer dereference as per CVE-2018-1000121
    https://curl.haxx.se/docs/adv_2018-97a2.html
  * Fix RTSP RTP buffer over-read as per CVE-2018-1000122
    https://curl.haxx.se/docs/adv_2018-b047.html
  * Fix HTTP authentication leak in redirects as per CVE-2018-1000007
    https://curl.haxx.se/docs/adv_2018-b3bf.html

debian/jessie 2018-06-23 17:07:02 UTC 2018-06-23
Import patches-unapplied version 7.38.0-4+deb8u11 to debian/jessie

Author: Alessandro Ghedini
Author Date: 2018-05-15 22:05:31 UTC

Import patches-unapplied version 7.38.0-4+deb8u11 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: d0b32955476198b6eb5cf4535e2ab8663725ef56

New changelog entries:
  * Fix heap buffer over-read when parsing bad RTSP headers
    as per CVE-2018-1000301
    https://curl.haxx.se/docs/adv_2018-b138.html
  * Fix NIL byte out of bounds write due to FTP path trickery
    as per CVE-2018-1000120
    https://curl.haxx.se/docs/adv_2018-9cd6.html
  * Fix LDAP NULL pointer dereference as per CVE-2018-1000121
    https://curl.haxx.se/docs/adv_2018-97a2.html
  * Fix RTSP RTP buffer over-read as per CVE-2018-1000122
    https://curl.haxx.se/docs/adv_2018-b047.html
  * Fix HTTP authentication leak in redirects as per CVE-2018-1000007
    https://curl.haxx.se/docs/adv_2018-b3bf.html

applied/ubuntu/bionic 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 7fa8f1972c276bcaff0b13f090b1faa57cff6ba7
Unapplied parent: eec455701a6e4f0ef4fdd094874a5041fa46cce5

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

ubuntu/bionic-proposed 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f25607eb36d17cb4a9f0dcbcdca945b7af107a0c

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

ubuntu/bionic 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f25607eb36d17cb4a9f0dcbcdca945b7af107a0c

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

applied/ubuntu/bionic-proposed 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 7fa8f1972c276bcaff0b13f090b1faa57cff6ba7
Unapplied parent: eec455701a6e4f0ef4fdd094874a5041fa46cce5

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

importer/ubuntu/pristine-tar 2018-03-07 06:22:20 UTC 2018-03-07
pristine-tar data for curl_7.58.0.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-07 06:22:20 UTC

pristine-tar data for curl_7.58.0.orig.tar.gz

importer/debian/pristine-tar 2018-03-07 04:55:25 UTC 2018-03-07
pristine-tar data for curl_7.58.0.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-07 04:55:25 UTC

pristine-tar data for curl_7.58.0.orig.tar.gz

debian/experimental 2018-03-01 16:25:54 UTC 2018-03-01
Import patches-unapplied version 7.58.0-3 to debian/experimental

Author: Alessandro Ghedini
Author Date: 2018-02-27 21:16:17 UTC

Import patches-unapplied version 7.58.0-3 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 7371b12a752baa1b3e36daffb2bedea042f87727

New changelog entries:
  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds. Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

applied/debian/experimental 2018-03-01 16:25:54 UTC 2018-03-01
Import patches-applied version 7.58.0-3 to applied/debian/experimental

Author: Alessandro Ghedini
Author Date: 2018-02-27 21:16:17 UTC

Import patches-applied version 7.58.0-3 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 6c38275215b190748bc29ab469e21f25c1e0b117
Unapplied parent: bbc08c0a3529eeb41989fb7666ad40f94d194ed8

New changelog entries:
  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds. Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

applied/ubuntu/zesty-devel 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1ef5bc970468bc01e9c132f84c67e24cea353b11
Unapplied parent: 26f282a1ab0fadf79d176f51ece76eed7af46e4c

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

applied/ubuntu/zesty-security 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1ef5bc970468bc01e9c132f84c67e24cea353b11
Unapplied parent: 26f282a1ab0fadf79d176f51ece76eed7af46e4c

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

ubuntu/zesty-devel 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 3946fe11e85c6c2f99764e9df54f1eda8610491a

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

applied/ubuntu/zesty-updates 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1ef5bc970468bc01e9c132f84c67e24cea353b11
Unapplied parent: 26f282a1ab0fadf79d176f51ece76eed7af46e4c

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

ubuntu/zesty-updates 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 3946fe11e85c6c2f99764e9df54f1eda8610491a

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

ubuntu/zesty-security 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 3946fe11e85c6c2f99764e9df54f1eda8610491a

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

ubuntu/artful-proposed 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 77981d8206026856a3f250d24883c5fb930d115e

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

applied/ubuntu/artful-proposed 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: eb77e6f3d194834f386438e4bc9fc5b761e789c1
Unapplied parent: d6ae0b607b3075ebdca14be78824b5f2e90b1067

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

applied/ubuntu/artful 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: eb77e6f3d194834f386438e4bc9fc5b761e789c1
Unapplied parent: d6ae0b607b3075ebdca14be78824b5f2e90b1067

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

ubuntu/artful 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 77981d8206026856a3f250d24883c5fb930d115e

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

ubuntu/zesty 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: dd837796fb533d4d814394d9f0851edbf065386b

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

applied/ubuntu/zesty-proposed 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 518b35a58900e5d5f6d4aacf0560cc129a504c1c
Unapplied parent: 285258982943160e48da1e86acf4926e19e5c9dc

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

applied/ubuntu/zesty 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 518b35a58900e5d5f6d4aacf0560cc129a504c1c
Unapplied parent: 285258982943160e48da1e86acf4926e19e5c9dc

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

ubuntu/zesty-proposed 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: dd837796fb533d4d814394d9f0851edbf065386b

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

ubuntu/yakkety-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 753b89cc7839375e8ce5ba344e0e8ae9d3bfd2da

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/precise-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: fd7a144ec90e701df6183187bc2511666ea3ef6d
Unapplied parent: 8d478b69d673f2d5b70941708aed7effd946ab45

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/precise-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: fd7a144ec90e701df6183187bc2511666ea3ef6d
Unapplied parent: 8d478b69d673f2d5b70941708aed7effd946ab45

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/precise-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: fd7a144ec90e701df6183187bc2511666ea3ef6d
Unapplied parent: 8d478b69d673f2d5b70941708aed7effd946ab45

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/yakkety-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: c874536614845812ed910c97ec8b7b80081fe361
Unapplied parent: f8d04396c5f162f0a49a723c9ad957a2742182a1

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/precise-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b51c5cd554802e4a24197a78cfb6cdb987e57c5c

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/yakkety-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: c874536614845812ed910c97ec8b7b80081fe361
Unapplied parent: f8d04396c5f162f0a49a723c9ad957a2742182a1

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/yakkety-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 753b89cc7839375e8ce5ba344e0e8ae9d3bfd2da

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/yakkety-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: c874536614845812ed910c97ec8b7b80081fe361
Unapplied parent: f8d04396c5f162f0a49a723c9ad957a2742182a1

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/precise-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b51c5cd554802e4a24197a78cfb6cdb987e57c5c

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624


Other repositories

Name Last Modified
lp:ubuntu/+source/curl 2019-12-01
lp:~paelzer/ubuntu/+source/curl 2017-12-07