View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
importer/debian/dsc 2019-03-08 04:38:44 UTC 2019-03-08
DSC file for 7.64.0-2

Author: Ubuntu Git Importer
Author Date: 2019-03-08 04:38:44 UTC

DSC file for 7.64.0-2

debian/sid 2019-03-08 04:29:06 UTC 2019-03-08
Import patches-unapplied version 7.64.0-2 to debian/sid

Author: Alessandro Ghedini
Author Date: 2019-03-07 20:02:35 UTC

Import patches-unapplied version 7.64.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: eeb6703b488e4a663508622fefdb7086850967a6

New changelog entries:
  * Fix infinite loop when fetching URLs with unreachable IPv6 (Closes: #922554)

applied/debian/sid 2019-03-08 04:29:06 UTC 2019-03-08
Import patches-applied version 7.64.0-2 to applied/debian/sid

Author: Alessandro Ghedini
Author Date: 2019-03-07 20:02:35 UTC

Import patches-applied version 7.64.0-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 86d023b4ba04d9a86505ab5d5a6c89d5a6cae5b2
Unapplied parent: c2ed5bf9110aa73892640d8b1ba0ce654366ade6

New changelog entries:
  * Fix infinite loop when fetching URLs with unreachable IPv6 (Closes: #922554)

applied/debian/stretch 2019-02-16 17:04:34 UTC 2019-02-16
Import patches-applied version 7.52.1-5+deb9u9 to applied/debian/stretch

Author: Alessandro Ghedini
Author Date: 2019-02-04 20:55:32 UTC

Import patches-applied version 7.52.1-5+deb9u9 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 4529e3e06a61b3a45eaabecd26175ea5d37c4725
Unapplied parent: 762c78527bc489d44ae08c93f8f8df9643a91cee

New changelog entries:
  * Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
    https://curl.haxx.se/docs/CVE-2018-16890.html
  * Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
    https://curl.haxx.se/docs/CVE-2019-3822.html
  * Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
    https://curl.haxx.se/docs/CVE-2019-3823.html

debian/stretch 2019-02-16 17:04:34 UTC 2019-02-16
Import patches-unapplied version 7.52.1-5+deb9u9 to debian/stretch

Author: Alessandro Ghedini
Author Date: 2019-02-04 20:55:32 UTC

Import patches-unapplied version 7.52.1-5+deb9u9 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 8e86840b3ef698de552c67f3a4711b949fd87130

New changelog entries:
  * Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
    https://curl.haxx.se/docs/CVE-2018-16890.html
  * Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
    https://curl.haxx.se/docs/CVE-2019-3822.html
  * Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
    https://curl.haxx.se/docs/CVE-2019-3823.html

importer/ubuntu/dsc 2019-02-14 16:09:04 UTC 2019-02-14
DSC file for 7.64.0-1ubuntu1

Author: Ubuntu Git Importer
Author Date: 2019-02-14 16:09:04 UTC

DSC file for 7.64.0-1ubuntu1

applied/ubuntu/disco-devel 2019-02-14 15:53:13 UTC 2019-02-14
Import patches-applied version 7.64.0-1ubuntu1 to applied/ubuntu/disco-proposed

Author: Sebastien Bacher
Author Date: 2019-02-14 15:49:23 UTC

Import patches-applied version 7.64.0-1ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 86d023b4ba04d9a86505ab5d5a6c89d5a6cae5b2
Unapplied parent: fa77ac96db8a075cdc5484de3b84101b9e3c301c

New changelog entries:
  * Resynchronize with Debian, remaining change
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

ubuntu/disco-proposed 2019-02-14 15:53:13 UTC 2019-02-14
Import patches-unapplied version 7.64.0-1ubuntu1 to ubuntu/disco-proposed

Author: Sebastien Bacher
Author Date: 2019-02-14 15:49:23 UTC

Import patches-unapplied version 7.64.0-1ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: eeb6703b488e4a663508622fefdb7086850967a6

New changelog entries:
  * Resynchronize with Debian, remaining change
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

applied/ubuntu/disco 2019-02-14 15:53:13 UTC 2019-02-14
Import patches-applied version 7.64.0-1ubuntu1 to applied/ubuntu/disco-proposed

Author: Sebastien Bacher
Author Date: 2019-02-14 15:49:23 UTC

Import patches-applied version 7.64.0-1ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 86d023b4ba04d9a86505ab5d5a6c89d5a6cae5b2
Unapplied parent: fa77ac96db8a075cdc5484de3b84101b9e3c301c

New changelog entries:
  * Resynchronize with Debian, remaining change
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

ubuntu/devel 2019-02-14 15:53:13 UTC 2019-02-14
Import patches-unapplied version 7.64.0-1ubuntu1 to ubuntu/disco-proposed

Author: Sebastien Bacher
Author Date: 2019-02-14 15:49:23 UTC

Import patches-unapplied version 7.64.0-1ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: eeb6703b488e4a663508622fefdb7086850967a6

New changelog entries:
  * Resynchronize with Debian, remaining change
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

ubuntu/disco 2019-02-14 15:53:13 UTC 2019-02-14
Import patches-unapplied version 7.64.0-1ubuntu1 to ubuntu/disco-proposed

Author: Sebastien Bacher
Author Date: 2019-02-14 15:49:23 UTC

Import patches-unapplied version 7.64.0-1ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: eeb6703b488e4a663508622fefdb7086850967a6

New changelog entries:
  * Resynchronize with Debian, remaining change
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

applied/ubuntu/disco-proposed 2019-02-14 15:53:13 UTC 2019-02-14
Import patches-applied version 7.64.0-1ubuntu1 to applied/ubuntu/disco-proposed

Author: Sebastien Bacher
Author Date: 2019-02-14 15:49:23 UTC

Import patches-applied version 7.64.0-1ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 86d023b4ba04d9a86505ab5d5a6c89d5a6cae5b2
Unapplied parent: fa77ac96db8a075cdc5484de3b84101b9e3c301c

New changelog entries:
  * Resynchronize with Debian, remaining change
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

ubuntu/disco-devel 2019-02-14 15:53:13 UTC 2019-02-14
Import patches-unapplied version 7.64.0-1ubuntu1 to ubuntu/disco-proposed

Author: Sebastien Bacher
Author Date: 2019-02-14 15:49:23 UTC

Import patches-unapplied version 7.64.0-1ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: eeb6703b488e4a663508622fefdb7086850967a6

New changelog entries:
  * Resynchronize with Debian, remaining change
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

applied/ubuntu/devel 2019-02-14 15:53:13 UTC 2019-02-14
Import patches-applied version 7.64.0-1ubuntu1 to applied/ubuntu/disco-proposed

Author: Sebastien Bacher
Author Date: 2019-02-14 15:49:23 UTC

Import patches-applied version 7.64.0-1ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 86d023b4ba04d9a86505ab5d5a6c89d5a6cae5b2
Unapplied parent: fa77ac96db8a075cdc5484de3b84101b9e3c301c

New changelog entries:
  * Resynchronize with Debian, remaining change
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

debian/buster 2019-02-07 04:30:03 UTC 2019-02-07
Import patches-unapplied version 7.64.0-1 to debian/sid

Author: Alessandro Ghedini
Author Date: 2019-02-06 22:33:05 UTC

Import patches-unapplied version 7.64.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e202d40710f7d1e52fa1b3026ff477b186de5b8d

New changelog entries:
  * New upstream release
    + Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
      https://curl.haxx.se/docs/CVE-2018-16890.html
    + Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
      https://curl.haxx.se/docs/CVE-2019-3822.html
    + Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
      https://curl.haxx.se/docs/CVE-2019-3823.html
    + Fix HTTP negotiation with POST requests (Closes: #920267)

applied/debian/buster 2019-02-07 04:30:03 UTC 2019-02-07
Import patches-applied version 7.64.0-1 to applied/debian/sid

Author: Alessandro Ghedini
Author Date: 2019-02-06 22:33:05 UTC

Import patches-applied version 7.64.0-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 0b80915724c51513e38d2278d8a276be22c4a0c4
Unapplied parent: 2777e9f7d21cf7caeab2ad5a098d8bb0232c20f5

New changelog entries:
  * New upstream release
    + Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
      https://curl.haxx.se/docs/CVE-2018-16890.html
    + Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
      https://curl.haxx.se/docs/CVE-2019-3822.html
    + Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
      https://curl.haxx.se/docs/CVE-2019-3823.html
    + Fix HTTP negotiation with POST requests (Closes: #920267)

ubuntu/xenial-devel 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.47.0-1ubuntu2.12 to ubuntu/xenial-security

Author: Marc Deslauriers
Author Date: 2019-01-29 13:58:54 UTC

Import patches-unapplied version 7.47.0-1ubuntu2.12 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: a5ecd0bc001a5374d9199666d7661dc4bddeb58b

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/curl_ntlm_msgs.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/curl_ntlm_msgs.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/cosmic-updates 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.61.0-1ubuntu2.3 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2019-01-29 13:44:13 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: cbf2f8324e4db24a7c7d41e9ef5dab256c1fb3b0

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/trusty-security 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-se...

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 279d527f1bdd56cab5c7fe7cd890204a2e8f639c
Unapplied parent: 32be159a8c0360e6447346c39919a1d8ea7d9aae

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/cosmic-updates 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.61.0-1ubuntu2.3 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2019-01-29 13:44:13 UTC

Import patches-applied version 7.61.0-1ubuntu2.3 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 0c60163c88461a13e111e47b7a22f2465f1ae496
Unapplied parent: b3626066c8d78347da9ad39e875aca4e71b834c7

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/bionic-devel 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.58.0-2ubuntu3.6 to ubuntu/bionic-security

Author: Marc Deslauriers
Author Date: 2019-01-29 13:48:30 UTC

Import patches-unapplied version 7.58.0-2ubuntu3.6 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: d37b2f7addddcd93fae4c8fb5ff7850696c64d44

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/bionic-security 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.58.0-2ubuntu3.6 to ubuntu/bionic-security

Author: Marc Deslauriers
Author Date: 2019-01-29 13:48:30 UTC

Import patches-unapplied version 7.58.0-2ubuntu3.6 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: d37b2f7addddcd93fae4c8fb5ff7850696c64d44

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/cosmic-devel 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.61.0-1ubuntu2.3 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2019-01-29 13:44:13 UTC

Import patches-applied version 7.61.0-1ubuntu2.3 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 0c60163c88461a13e111e47b7a22f2465f1ae496
Unapplied parent: b3626066c8d78347da9ad39e875aca4e71b834c7

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/bionic-security 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.58.0-2ubuntu3.6 to applied/ubuntu/bionic-sec...

Author: Marc Deslauriers
Author Date: 2019-01-29 13:48:30 UTC

Import patches-applied version 7.58.0-2ubuntu3.6 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 4ab91fe98a693d8741633d5f10758fb8b8147364
Unapplied parent: b5492161b164ad1de61e6c78a9ac84b40f92e260

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/xenial-security 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.47.0-1ubuntu2.12 to ubuntu/xenial-security

Author: Marc Deslauriers
Author Date: 2019-01-29 13:58:54 UTC

Import patches-unapplied version 7.47.0-1ubuntu2.12 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: a5ecd0bc001a5374d9199666d7661dc4bddeb58b

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/curl_ntlm_msgs.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/curl_ntlm_msgs.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/cosmic-security 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.61.0-1ubuntu2.3 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2019-01-29 13:44:13 UTC

Import patches-applied version 7.61.0-1ubuntu2.3 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 0c60163c88461a13e111e47b7a22f2465f1ae496
Unapplied parent: b3626066c8d78347da9ad39e875aca4e71b834c7

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/cosmic-devel 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.61.0-1ubuntu2.3 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2019-01-29 13:44:13 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: cbf2f8324e4db24a7c7d41e9ef5dab256c1fb3b0

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/bionic-updates 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.58.0-2ubuntu3.6 to applied/ubuntu/bionic-sec...

Author: Marc Deslauriers
Author Date: 2019-01-29 13:48:30 UTC

Import patches-applied version 7.58.0-2ubuntu3.6 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 4ab91fe98a693d8741633d5f10758fb8b8147364
Unapplied parent: b5492161b164ad1de61e6c78a9ac84b40f92e260

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/bionic-devel 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.58.0-2ubuntu3.6 to applied/ubuntu/bionic-sec...

Author: Marc Deslauriers
Author Date: 2019-01-29 13:48:30 UTC

Import patches-applied version 7.58.0-2ubuntu3.6 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 4ab91fe98a693d8741633d5f10758fb8b8147364
Unapplied parent: b5492161b164ad1de61e6c78a9ac84b40f92e260

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/trusty-updates 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0c81198a443bb1a3746e7cf6a34b7612e6380131

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/xenial-devel 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.47.0-1ubuntu2.12 to applied/ubuntu/xenial-se...

Author: Marc Deslauriers
Author Date: 2019-01-29 13:58:54 UTC

Import patches-applied version 7.47.0-1ubuntu2.12 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: f9a72b51a6dd5c627e78dd72c5212899dfb69403
Unapplied parent: 186dce729e4277dfc17ef47bc833700a1e429fbf

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/curl_ntlm_msgs.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/curl_ntlm_msgs.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/trusty-devel 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-se...

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 279d527f1bdd56cab5c7fe7cd890204a2e8f639c
Unapplied parent: 32be159a8c0360e6447346c39919a1d8ea7d9aae

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/trusty-security 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0c81198a443bb1a3746e7cf6a34b7612e6380131

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/trusty-devel 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0c81198a443bb1a3746e7cf6a34b7612e6380131

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/bionic-updates 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.58.0-2ubuntu3.6 to ubuntu/bionic-security

Author: Marc Deslauriers
Author Date: 2019-01-29 13:48:30 UTC

Import patches-unapplied version 7.58.0-2ubuntu3.6 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: d37b2f7addddcd93fae4c8fb5ff7850696c64d44

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/xenial-updates 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.47.0-1ubuntu2.12 to applied/ubuntu/xenial-se...

Author: Marc Deslauriers
Author Date: 2019-01-29 13:58:54 UTC

Import patches-applied version 7.47.0-1ubuntu2.12 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: f9a72b51a6dd5c627e78dd72c5212899dfb69403
Unapplied parent: 186dce729e4277dfc17ef47bc833700a1e429fbf

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/curl_ntlm_msgs.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/curl_ntlm_msgs.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/xenial-updates 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.47.0-1ubuntu2.12 to ubuntu/xenial-security

Author: Marc Deslauriers
Author Date: 2019-01-29 13:58:54 UTC

Import patches-unapplied version 7.47.0-1ubuntu2.12 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: a5ecd0bc001a5374d9199666d7661dc4bddeb58b

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/curl_ntlm_msgs.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/curl_ntlm_msgs.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/xenial-security 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.47.0-1ubuntu2.12 to applied/ubuntu/xenial-se...

Author: Marc Deslauriers
Author Date: 2019-01-29 13:58:54 UTC

Import patches-applied version 7.47.0-1ubuntu2.12 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: f9a72b51a6dd5c627e78dd72c5212899dfb69403
Unapplied parent: 186dce729e4277dfc17ef47bc833700a1e429fbf

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/curl_ntlm_msgs.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/curl_ntlm_msgs.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/trusty-updates 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-se...

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 279d527f1bdd56cab5c7fe7cd890204a2e8f639c
Unapplied parent: 32be159a8c0360e6447346c39919a1d8ea7d9aae

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/cosmic-security 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.61.0-1ubuntu2.3 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2019-01-29 13:44:13 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: cbf2f8324e4db24a7c7d41e9ef5dab256c1fb3b0

New changelog entries:
  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/cosmic-proposed 2018-10-01 17:37:03 UTC 2018-10-01
Import patches-applied version 7.61.0-1ubuntu2 to applied/ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-09-29 00:36:46 UTC

Import patches-applied version 7.61.0-1ubuntu2 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3e6c8006de9eefcb90bb5fdb9738a93219ccc7be
Unapplied parent: d18d419795b897df204c35936e4a88d900738534

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

ubuntu/cosmic 2018-10-01 17:37:03 UTC 2018-10-01
Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-09-29 00:36:46 UTC

Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 482fab373d269b80c5d12757917c9d24a3ccff9a

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

applied/ubuntu/cosmic 2018-10-01 17:37:03 UTC 2018-10-01
Import patches-applied version 7.61.0-1ubuntu2 to applied/ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-09-29 00:36:46 UTC

Import patches-applied version 7.61.0-1ubuntu2 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3e6c8006de9eefcb90bb5fdb9738a93219ccc7be
Unapplied parent: d18d419795b897df204c35936e4a88d900738534

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

ubuntu/cosmic-proposed 2018-10-01 17:37:03 UTC 2018-10-01
Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-09-29 00:36:46 UTC

Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 482fab373d269b80c5d12757917c9d24a3ccff9a

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

ubuntu/artful-updates 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 12b3ad5049beecc88556ca1100eb1250ddec29b6

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/ubuntu/artful-updates 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 49ff3a5682b92ad7e74aa5f109ca787969c3f6bb
Unapplied parent: 3fbeba7b89feec5cd4d3495b70d7d322633c31e0

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/ubuntu/artful-security 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 49ff3a5682b92ad7e74aa5f109ca787969c3f6bb
Unapplied parent: 3fbeba7b89feec5cd4d3495b70d7d322633c31e0

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/ubuntu/artful-devel 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 49ff3a5682b92ad7e74aa5f109ca787969c3f6bb
Unapplied parent: 3fbeba7b89feec5cd4d3495b70d7d322633c31e0

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

ubuntu/artful-devel 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 12b3ad5049beecc88556ca1100eb1250ddec29b6

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

ubuntu/artful-security 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 12b3ad5049beecc88556ca1100eb1250ddec29b6

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/debian/jessie 2018-06-23 17:07:02 UTC 2018-06-23
Import patches-applied version 7.38.0-4+deb8u11 to applied/debian/jessie

Author: Alessandro Ghedini
Author Date: 2018-05-15 22:05:31 UTC

Import patches-applied version 7.38.0-4+deb8u11 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: 01125cbd2b9c8e2d6c86fdb934d9c80a7b53459e
Unapplied parent: 896568dac13c1d39e82ca3db9239d1daddf9688f

New changelog entries:
  * Fix heap buffer over-read when parsing bad RTSP headers
    as per CVE-2018-1000301
    https://curl.haxx.se/docs/adv_2018-b138.html
  * Fix NIL byte out of bounds write due to FTP path trickery
    as per CVE-2018-1000120
    https://curl.haxx.se/docs/adv_2018-9cd6.html
  * Fix LDAP NULL pointer dereference as per CVE-2018-1000121
    https://curl.haxx.se/docs/adv_2018-97a2.html
  * Fix RTSP RTP buffer over-read as per CVE-2018-1000122
    https://curl.haxx.se/docs/adv_2018-b047.html
  * Fix HTTP authentication leak in redirects as per CVE-2018-1000007
    https://curl.haxx.se/docs/adv_2018-b3bf.html

debian/jessie 2018-06-23 17:07:02 UTC 2018-06-23
Import patches-unapplied version 7.38.0-4+deb8u11 to debian/jessie

Author: Alessandro Ghedini
Author Date: 2018-05-15 22:05:31 UTC

Import patches-unapplied version 7.38.0-4+deb8u11 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: d0b32955476198b6eb5cf4535e2ab8663725ef56

New changelog entries:
  * Fix heap buffer over-read when parsing bad RTSP headers
    as per CVE-2018-1000301
    https://curl.haxx.se/docs/adv_2018-b138.html
  * Fix NIL byte out of bounds write due to FTP path trickery
    as per CVE-2018-1000120
    https://curl.haxx.se/docs/adv_2018-9cd6.html
  * Fix LDAP NULL pointer dereference as per CVE-2018-1000121
    https://curl.haxx.se/docs/adv_2018-97a2.html
  * Fix RTSP RTP buffer over-read as per CVE-2018-1000122
    https://curl.haxx.se/docs/adv_2018-b047.html
  * Fix HTTP authentication leak in redirects as per CVE-2018-1000007
    https://curl.haxx.se/docs/adv_2018-b3bf.html

applied/ubuntu/bionic 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 7fa8f1972c276bcaff0b13f090b1faa57cff6ba7
Unapplied parent: eec455701a6e4f0ef4fdd094874a5041fa46cce5

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

ubuntu/bionic 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f25607eb36d17cb4a9f0dcbcdca945b7af107a0c

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

ubuntu/bionic-proposed 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f25607eb36d17cb4a9f0dcbcdca945b7af107a0c

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

applied/ubuntu/bionic-proposed 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 7fa8f1972c276bcaff0b13f090b1faa57cff6ba7
Unapplied parent: eec455701a6e4f0ef4fdd094874a5041fa46cce5

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

importer/ubuntu/pristine-tar 2018-03-07 06:22:20 UTC 2018-03-07
pristine-tar data for curl_7.58.0.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-07 06:22:20 UTC

pristine-tar data for curl_7.58.0.orig.tar.gz

importer/debian/pristine-tar 2018-03-07 04:55:25 UTC 2018-03-07
pristine-tar data for curl_7.58.0.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-07 04:55:25 UTC

pristine-tar data for curl_7.58.0.orig.tar.gz

applied/debian/experimental 2018-03-01 16:25:54 UTC 2018-03-01
Import patches-applied version 7.58.0-3 to applied/debian/experimental

Author: Alessandro Ghedini
Author Date: 2018-02-27 21:16:17 UTC

Import patches-applied version 7.58.0-3 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 6c38275215b190748bc29ab469e21f25c1e0b117
Unapplied parent: bbc08c0a3529eeb41989fb7666ad40f94d194ed8

New changelog entries:
  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds. Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

debian/experimental 2018-03-01 16:25:54 UTC 2018-03-01
Import patches-unapplied version 7.58.0-3 to debian/experimental

Author: Alessandro Ghedini
Author Date: 2018-02-27 21:16:17 UTC

Import patches-unapplied version 7.58.0-3 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 7371b12a752baa1b3e36daffb2bedea042f87727

New changelog entries:
  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds. Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

applied/ubuntu/zesty-devel 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1ef5bc970468bc01e9c132f84c67e24cea353b11
Unapplied parent: 26f282a1ab0fadf79d176f51ece76eed7af46e4c

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

ubuntu/zesty-devel 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 3946fe11e85c6c2f99764e9df54f1eda8610491a

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

applied/ubuntu/zesty-security 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1ef5bc970468bc01e9c132f84c67e24cea353b11
Unapplied parent: 26f282a1ab0fadf79d176f51ece76eed7af46e4c

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

applied/ubuntu/zesty-updates 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1ef5bc970468bc01e9c132f84c67e24cea353b11
Unapplied parent: 26f282a1ab0fadf79d176f51ece76eed7af46e4c

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

ubuntu/zesty-security 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 3946fe11e85c6c2f99764e9df54f1eda8610491a

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

ubuntu/zesty-updates 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 3946fe11e85c6c2f99764e9df54f1eda8610491a

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

applied/ubuntu/artful-proposed 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: eb77e6f3d194834f386438e4bc9fc5b761e789c1
Unapplied parent: d6ae0b607b3075ebdca14be78824b5f2e90b1067

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

applied/ubuntu/artful 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: eb77e6f3d194834f386438e4bc9fc5b761e789c1
Unapplied parent: d6ae0b607b3075ebdca14be78824b5f2e90b1067

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

ubuntu/artful 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 77981d8206026856a3f250d24883c5fb930d115e

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

ubuntu/artful-proposed 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 77981d8206026856a3f250d24883c5fb930d115e

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

applied/ubuntu/zesty 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 518b35a58900e5d5f6d4aacf0560cc129a504c1c
Unapplied parent: 285258982943160e48da1e86acf4926e19e5c9dc

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

applied/ubuntu/zesty-proposed 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 518b35a58900e5d5f6d4aacf0560cc129a504c1c
Unapplied parent: 285258982943160e48da1e86acf4926e19e5c9dc

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

ubuntu/zesty 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: dd837796fb533d4d814394d9f0851edbf065386b

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

ubuntu/zesty-proposed 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: dd837796fb533d4d814394d9f0851edbf065386b

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

applied/ubuntu/yakkety-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: c874536614845812ed910c97ec8b7b80081fe361
Unapplied parent: f8d04396c5f162f0a49a723c9ad957a2742182a1

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/yakkety-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: c874536614845812ed910c97ec8b7b80081fe361
Unapplied parent: f8d04396c5f162f0a49a723c9ad957a2742182a1

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/yakkety-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: c874536614845812ed910c97ec8b7b80081fe361
Unapplied parent: f8d04396c5f162f0a49a723c9ad957a2742182a1

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/precise-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: fd7a144ec90e701df6183187bc2511666ea3ef6d
Unapplied parent: 8d478b69d673f2d5b70941708aed7effd946ab45

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/precise-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: fd7a144ec90e701df6183187bc2511666ea3ef6d
Unapplied parent: 8d478b69d673f2d5b70941708aed7effd946ab45

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/yakkety-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 753b89cc7839375e8ce5ba344e0e8ae9d3bfd2da

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/yakkety-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 753b89cc7839375e8ce5ba344e0e8ae9d3bfd2da

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/precise-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b51c5cd554802e4a24197a78cfb6cdb987e57c5c

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/precise-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b51c5cd554802e4a24197a78cfb6cdb987e57c5c

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/precise-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b51c5cd554802e4a24197a78cfb6cdb987e57c5c

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/yakkety-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 753b89cc7839375e8ce5ba344e0e8ae9d3bfd2da

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/precise-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: fd7a144ec90e701df6183187bc2511666ea3ef6d
Unapplied parent: 8d478b69d673f2d5b70941708aed7effd946ab45

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/trusty-proposed 2016-08-31 16:24:27 UTC 2016-08-31
Import patches-unapplied version 7.35.0-1ubuntu2.9 to ubuntu/trusty-proposed

Author: Gianfranco Costamagna
Author Date: 2016-08-28 19:27:34 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.9 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 0c4dec9eaecaba6ee5e057990e55d2475bc5442f

New changelog entries:
  [ Joe Afflerbach ]
  * debian/patches/curl-chunk-fix.patch:
    - fix problem with chunked encoded data (LP: #1613698)

applied/ubuntu/trusty-proposed 2016-08-31 16:24:27 UTC 2016-08-31
Import patches-applied version 7.35.0-1ubuntu2.9 to applied/ubuntu/trusty-pro...

Author: Gianfranco Costamagna
Author Date: 2016-08-28 19:27:34 UTC

Import patches-applied version 7.35.0-1ubuntu2.9 to applied/ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: aefa5bf5a4c9f3d0202667f8a6d189b9d656cc3a
Unapplied parent: 109fe039e21ebd865d3177d2c78e2707434ebd17

New changelog entries:
  [ Joe Afflerbach ]
  * debian/patches/curl-chunk-fix.patch:
    - fix problem with chunked encoded data (LP: #1613698)

applied/ubuntu/yakkety-proposed 2016-08-03 15:59:35 UTC 2016-08-03
Import patches-applied version 7.50.1-1ubuntu1 to applied/ubuntu/yakkety-prop...

Author: Gianfranco Costamagna
Author Date: 2016-08-03 13:29:21 UTC

Import patches-applied version 7.50.1-1ubuntu1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: e6250073c1ab4544a30431ac3315400fa664ec44
Unapplied parent: afba32c215c0d4c43297dbed8959b4adaa5ffd6d

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2
  * Drop libgnutls28-dev change, the rename didn't happen in Debian
  * Readd stunnel build dependency, we can build-depend from
    universe now.

applied/ubuntu/yakkety 2016-08-03 15:59:35 UTC 2016-08-03
Import patches-applied version 7.50.1-1ubuntu1 to applied/ubuntu/yakkety-prop...

Author: Gianfranco Costamagna
Author Date: 2016-08-03 13:29:21 UTC

Import patches-applied version 7.50.1-1ubuntu1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: e6250073c1ab4544a30431ac3315400fa664ec44
Unapplied parent: afba32c215c0d4c43297dbed8959b4adaa5ffd6d

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2
  * Drop libgnutls28-dev change, the rename didn't happen in Debian
  * Readd stunnel build dependency, we can build-depend from
    universe now.

ubuntu/yakkety-proposed 2016-08-03 15:59:35 UTC 2016-08-03
Import patches-unapplied version 7.50.1-1ubuntu1 to ubuntu/yakkety-proposed

Author: Gianfranco Costamagna
Author Date: 2016-08-03 13:29:21 UTC

Import patches-unapplied version 7.50.1-1ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 66b33c5f29c1408e27467e38ecd7c7b31dd66572

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2
  * Drop libgnutls28-dev change, the rename didn't happen in Debian
  * Readd stunnel build dependency, we can build-depend from
    universe now.

ubuntu/yakkety 2016-08-03 15:59:35 UTC 2016-08-03
Import patches-unapplied version 7.50.1-1ubuntu1 to ubuntu/yakkety-proposed

Author: Gianfranco Costamagna
Author Date: 2016-08-03 13:29:21 UTC

Import patches-unapplied version 7.50.1-1ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 66b33c5f29c1408e27467e38ecd7c7b31dd66572

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2
  * Drop libgnutls28-dev change, the rename didn't happen in Debian
  * Readd stunnel build dependency, we can build-depend from
    universe now.

applied/ubuntu/xenial 2016-02-18 07:59:15 UTC 2016-02-18
Import patches-applied version 7.47.0-1ubuntu2 to applied/ubuntu/xenial-proposed

Author: Matthias Klose
Author Date: 2016-02-17 22:40:53 UTC

Import patches-applied version 7.47.0-1ubuntu2 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 953a14452cfc2aa3c8a1cbee488527c18e0994ff
Unapplied parent: ec0c316ef41b5ffafeb837447d5520d66d7cc223

New changelog entries:
  * No-change rebuild for gnutls transition.

ubuntu/xenial-proposed 2016-02-18 07:59:15 UTC 2016-02-18
Import patches-unapplied version 7.47.0-1ubuntu2 to ubuntu/xenial-proposed

Author: Matthias Klose
Author Date: 2016-02-17 22:40:53 UTC

Import patches-unapplied version 7.47.0-1ubuntu2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: f1bee65f395107446f35f5d2d8199e6b4b2dd167

New changelog entries:
  * No-change rebuild for gnutls transition.

ubuntu/xenial 2016-02-18 07:59:15 UTC 2016-02-18
Import patches-unapplied version 7.47.0-1ubuntu2 to ubuntu/xenial-proposed

Author: Matthias Klose
Author Date: 2016-02-17 22:40:53 UTC

Import patches-unapplied version 7.47.0-1ubuntu2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: f1bee65f395107446f35f5d2d8199e6b4b2dd167

New changelog entries:
  * No-change rebuild for gnutls transition.

applied/ubuntu/xenial-proposed 2016-02-18 07:59:15 UTC 2016-02-18
Import patches-applied version 7.47.0-1ubuntu2 to applied/ubuntu/xenial-proposed

Author: Matthias Klose
Author Date: 2016-02-17 22:40:53 UTC

Import patches-applied version 7.47.0-1ubuntu2 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 953a14452cfc2aa3c8a1cbee488527c18e0994ff
Unapplied parent: ec0c316ef41b5ffafeb837447d5520d66d7cc223

New changelog entries:
  * No-change rebuild for gnutls transition.

applied/ubuntu/wily-devel 2016-01-27 19:04:13 UTC 2016-01-27
Import patches-applied version 7.43.0-1ubuntu2.1 to applied/ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-01-26 14:50:28 UTC

Import patches-applied version 7.43.0-1ubuntu2.1 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: e3cfecec5c50110f60071096f5bca96c386a9610
Unapplied parent: 647a5a158c8a69e5e740eb48b31257f089f57e38

New changelog entries:
  * SECURITY UPDATE: NTLM credentials not-checked for proxy connection
    re-use
    - debian/patches/CVE-2016-0755.patch: fix ConnectionExists to compare
      Proxy credentials in lib/url.c.
    - CVE-2016-0755

ubuntu/wily-security 2016-01-27 19:04:13 UTC 2016-01-27
Import patches-unapplied version 7.43.0-1ubuntu2.1 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-01-26 14:50:28 UTC

Import patches-unapplied version 7.43.0-1ubuntu2.1 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 4f3222dabb16e01f90d1a39c6f7dc694a95bb803

New changelog entries:
  * SECURITY UPDATE: NTLM credentials not-checked for proxy connection
    re-use
    - debian/patches/CVE-2016-0755.patch: fix ConnectionExists to compare
      Proxy credentials in lib/url.c.
    - CVE-2016-0755

ubuntu/wily-updates 2016-01-27 19:04:13 UTC 2016-01-27
Import patches-unapplied version 7.43.0-1ubuntu2.1 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-01-26 14:50:28 UTC

Import patches-unapplied version 7.43.0-1ubuntu2.1 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 4f3222dabb16e01f90d1a39c6f7dc694a95bb803

New changelog entries:
  * SECURITY UPDATE: NTLM credentials not-checked for proxy connection
    re-use
    - debian/patches/CVE-2016-0755.patch: fix ConnectionExists to compare
      Proxy credentials in lib/url.c.
    - CVE-2016-0755

applied/ubuntu/vivid-security 2016-01-27 19:04:13 UTC 2016-01-27
Import patches-applied version 7.38.0-3ubuntu2.3 to applied/ubuntu/vivid-secu...

Author: Marc Deslauriers
Author Date: 2016-01-26 15:02:06 UTC

Import patches-applied version 7.38.0-3ubuntu2.3 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: b4169612340541eb1467ab5e6fb4d0033209b767
Unapplied parent: 05701315036ca7e6d41b5d1df00c3f1aca74d997

New changelog entries:
  * SECURITY UPDATE: NTLM credentials not-checked for proxy connection
    re-use
    - debian/patches/CVE-2016-0755.patch: fix ConnectionExists to compare
      Proxy credentials in lib/url.c.
    - CVE-2016-0755

1100 of 284 results

Other repositories

Name Last Modified
lp:ubuntu/+source/curl 2019-03-13
lp:~paelzer/ubuntu/+source/curl 2017-12-07
12 of 2 results
You can't create new repositories for curl in Ubuntu.