View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
importer/debian/dsc 2019-09-15 22:37:44 UTC 2019-09-15
DSC file for 7.66.0-1

Author: Ubuntu Git Importer
Author Date: 2019-09-15 22:37:44 UTC

DSC file for 7.66.0-1

debian/sid 2019-09-15 22:29:15 UTC 2019-09-15
Import patches-unapplied version 7.66.0-1 to debian/sid

Author: Alessandro Ghedini
Author Date: 2019-09-15 14:47:05 UTC

Import patches-unapplied version 7.66.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 61be1b705aa1a58a91b0c110af966e39db1f055a

New changelog entries:
  * New upstream release (Closes: #940024)
    + Fix FTP-KRB double-free as per CVE-2019-5481 (Closes: #940009)
      https://curl.haxx.se/docs/CVE-2019-5481.html
    + Fix TFTP small blocksize heap buffer overflow as per CVE-2019-5482
      (Closes: #940010)
      https://curl.haxx.se/docs/CVE-2019-5482.html
  * Refresh patches
  * Enable brotli support (Closes: #940129)
  * Update *.symbols files

applied/debian/sid 2019-09-15 22:29:15 UTC 2019-09-15
Import patches-applied version 7.66.0-1 to applied/debian/sid

Author: Alessandro Ghedini
Author Date: 2019-09-15 14:47:05 UTC

Import patches-applied version 7.66.0-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: b8d502bdb0229f4c31f3ef5fc774030e7161e551
Unapplied parent: 9b688a1d4f1d33fee083197f684f90d2c8ae3c10

New changelog entries:
  * New upstream release (Closes: #940024)
    + Fix FTP-KRB double-free as per CVE-2019-5481 (Closes: #940009)
      https://curl.haxx.se/docs/CVE-2019-5481.html
    + Fix TFTP small blocksize heap buffer overflow as per CVE-2019-5482
      (Closes: #940010)
      https://curl.haxx.se/docs/CVE-2019-5482.html
  * Refresh patches
  * Enable brotli support (Closes: #940129)
  * Update *.symbols files

importer/ubuntu/dsc 2019-09-11 12:21:20 UTC 2019-09-11
DSC file for 7.65.3-1ubuntu3

Author: Ubuntu Git Importer
Author Date: 2019-09-11 12:21:20 UTC

DSC file for 7.65.3-1ubuntu3

applied/ubuntu/eoan-proposed 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 6da31b8f6de9e2c7811783945c2ea930b1de37d5
Unapplied parent: c32c59e593557ae4ceae291a88b6714c53875018

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/eoan-proposed 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 025797b055a7ab8ea00e7c8fcbca8412c23376fc

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/devel 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 025797b055a7ab8ea00e7c8fcbca8412c23376fc

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/eoan-devel 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 6da31b8f6de9e2c7811783945c2ea930b1de37d5
Unapplied parent: c32c59e593557ae4ceae291a88b6714c53875018

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/eoan-devel 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 025797b055a7ab8ea00e7c8fcbca8412c23376fc

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/eoan 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-unapplied version 7.65.3-1ubuntu3 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 025797b055a7ab8ea00e7c8fcbca8412c23376fc

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/eoan 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 6da31b8f6de9e2c7811783945c2ea930b1de37d5
Unapplied parent: c32c59e593557ae4ceae291a88b6714c53875018

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/devel 2019-09-11 12:18:14 UTC 2019-09-11
Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Author: Alex Murray
Author Date: 2019-09-06 05:22:01 UTC

Import patches-applied version 7.65.3-1ubuntu3 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 6da31b8f6de9e2c7811783945c2ea930b1de37d5
Unapplied parent: c32c59e593557ae4ceae291a88b6714c53875018

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/bionic-security 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.58.0-2ubuntu3.8 to ubuntu/bionic-security

Author: Alex Murray
Author Date: 2019-09-06 05:27:21 UTC

Import patches-unapplied version 7.58.0-2ubuntu3.8 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 6e076cee6ce9f5a88a154f9c180377f52761fc60

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/bionic-updates 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.58.0-2ubuntu3.8 to ubuntu/bionic-security

Author: Alex Murray
Author Date: 2019-09-06 05:27:21 UTC

Import patches-unapplied version 7.58.0-2ubuntu3.8 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 6e076cee6ce9f5a88a154f9c180377f52761fc60

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/xenial-updates 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.47.0-1ubuntu2.14 to applied/ubuntu/xenial-se...

Author: Alex Murray
Author Date: 2019-09-06 05:30:31 UTC

Import patches-applied version 7.47.0-1ubuntu2.14 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: dbb3afb8f015476824c22d84cbcd6c453f742885
Unapplied parent: 46bd4dd600f86dc7d3526e57d52a6137ee48a38e

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/disco-security 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.64.0-2ubuntu1.2 to ubuntu/disco-security

Author: Alex Murray
Author Date: 2019-09-06 05:20:00 UTC

Import patches-unapplied version 7.64.0-2ubuntu1.2 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: b3f3a3861ec95247b8ae426d30a9f5bf49527bb1

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/bionic-updates 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.58.0-2ubuntu3.8 to applied/ubuntu/bionic-sec...

Author: Alex Murray
Author Date: 2019-09-06 05:27:21 UTC

Import patches-applied version 7.58.0-2ubuntu3.8 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 298b3763eb258451e747906512dfe977363ff474
Unapplied parent: c62981b29b64fa1154be20ef4773f0e2ae432502

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/bionic-devel 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.58.0-2ubuntu3.8 to applied/ubuntu/bionic-sec...

Author: Alex Murray
Author Date: 2019-09-06 05:27:21 UTC

Import patches-applied version 7.58.0-2ubuntu3.8 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 298b3763eb258451e747906512dfe977363ff474
Unapplied parent: c62981b29b64fa1154be20ef4773f0e2ae432502

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/xenial-devel 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.47.0-1ubuntu2.14 to applied/ubuntu/xenial-se...

Author: Alex Murray
Author Date: 2019-09-06 05:30:31 UTC

Import patches-applied version 7.47.0-1ubuntu2.14 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: dbb3afb8f015476824c22d84cbcd6c453f742885
Unapplied parent: 46bd4dd600f86dc7d3526e57d52a6137ee48a38e

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/disco-devel 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.64.0-2ubuntu1.2 to ubuntu/disco-security

Author: Alex Murray
Author Date: 2019-09-06 05:20:00 UTC

Import patches-unapplied version 7.64.0-2ubuntu1.2 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: b3f3a3861ec95247b8ae426d30a9f5bf49527bb1

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/xenial-security 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.47.0-1ubuntu2.14 to ubuntu/xenial-security

Author: Alex Murray
Author Date: 2019-09-06 05:30:31 UTC

Import patches-unapplied version 7.47.0-1ubuntu2.14 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: f447e332723f0a54454918ac3ac7449e1d08727e

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/xenial-security 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.47.0-1ubuntu2.14 to applied/ubuntu/xenial-se...

Author: Alex Murray
Author Date: 2019-09-06 05:30:31 UTC

Import patches-applied version 7.47.0-1ubuntu2.14 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: dbb3afb8f015476824c22d84cbcd6c453f742885
Unapplied parent: 46bd4dd600f86dc7d3526e57d52a6137ee48a38e

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/disco-updates 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.64.0-2ubuntu1.2 to ubuntu/disco-security

Author: Alex Murray
Author Date: 2019-09-06 05:20:00 UTC

Import patches-unapplied version 7.64.0-2ubuntu1.2 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: b3f3a3861ec95247b8ae426d30a9f5bf49527bb1

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/xenial-devel 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.47.0-1ubuntu2.14 to ubuntu/xenial-security

Author: Alex Murray
Author Date: 2019-09-06 05:30:31 UTC

Import patches-unapplied version 7.47.0-1ubuntu2.14 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: f447e332723f0a54454918ac3ac7449e1d08727e

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/bionic-devel 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.58.0-2ubuntu3.8 to ubuntu/bionic-security

Author: Alex Murray
Author Date: 2019-09-06 05:27:21 UTC

Import patches-unapplied version 7.58.0-2ubuntu3.8 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 6e076cee6ce9f5a88a154f9c180377f52761fc60

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/disco-security 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.64.0-2ubuntu1.2 to applied/ubuntu/disco-secu...

Author: Alex Murray
Author Date: 2019-09-06 05:20:00 UTC

Import patches-applied version 7.64.0-2ubuntu1.2 to applied/ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: dccf98ef134849d5f9265d0365db17c3d7aa73a4
Unapplied parent: 2d4adbf84b8cbe16d34bdca4ac5ede5881534776

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

ubuntu/xenial-updates 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-unapplied version 7.47.0-1ubuntu2.14 to ubuntu/xenial-security

Author: Alex Murray
Author Date: 2019-09-06 05:30:31 UTC

Import patches-unapplied version 7.47.0-1ubuntu2.14 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: f447e332723f0a54454918ac3ac7449e1d08727e

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/bionic-security 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.58.0-2ubuntu3.8 to applied/ubuntu/bionic-sec...

Author: Alex Murray
Author Date: 2019-09-06 05:27:21 UTC

Import patches-applied version 7.58.0-2ubuntu3.8 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 298b3763eb258451e747906512dfe977363ff474
Unapplied parent: c62981b29b64fa1154be20ef4773f0e2ae432502

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/disco-updates 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.64.0-2ubuntu1.2 to applied/ubuntu/disco-secu...

Author: Alex Murray
Author Date: 2019-09-06 05:20:00 UTC

Import patches-applied version 7.64.0-2ubuntu1.2 to applied/ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: dccf98ef134849d5f9265d0365db17c3d7aa73a4
Unapplied parent: 2d4adbf84b8cbe16d34bdca4ac5ede5881534776

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

applied/ubuntu/disco-devel 2019-09-11 07:03:13 UTC 2019-09-11
Import patches-applied version 7.64.0-2ubuntu1.2 to applied/ubuntu/disco-secu...

Author: Alex Murray
Author Date: 2019-09-06 05:20:00 UTC

Import patches-applied version 7.64.0-2ubuntu1.2 to applied/ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: dccf98ef134849d5f9265d0365db17c3d7aa73a4
Unapplied parent: 2d4adbf84b8cbe16d34bdca4ac5ede5881534776

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

debian/buster 2019-06-15 04:27:38 UTC 2019-06-15
Import patches-unapplied version 7.64.0-4 to debian/sid

Author: Alessandro Ghedini
Author Date: 2019-06-14 18:23:32 UTC

Import patches-unapplied version 7.64.0-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 961ba65d8a086ebf69f284c0e8e3ab831ef4c833

New changelog entries:
  * Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
    https://curl.haxx.se/docs/CVE-2019-5436.html
  * Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: #929352)
    https://curl.haxx.se/docs/CVE-2019-5435.html

applied/debian/buster 2019-06-15 04:27:38 UTC 2019-06-15
Import patches-applied version 7.64.0-4 to applied/debian/sid

Author: Alessandro Ghedini
Author Date: 2019-06-14 18:23:32 UTC

Import patches-applied version 7.64.0-4 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 0ce951d4aaf3b7760917e9e8a916608ed94121c8
Unapplied parent: d3b5dfea3b8901b1e44f818e4bd6574926880cc4

New changelog entries:
  * Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
    https://curl.haxx.se/docs/CVE-2019-5436.html
  * Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: #929352)
    https://curl.haxx.se/docs/CVE-2019-5435.html

ubuntu/cosmic-proposed 2019-06-07 09:48:18 UTC 2019-06-07
Import patches-unapplied version 7.61.0-1ubuntu2.5 to ubuntu/cosmic-proposed

Author: Sebastien Bacher
Author Date: 2019-05-28 18:27:58 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.5 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: ea93e767a5847ea4d19e426ef1042213b219673f

New changelog entries:
  * debian/patches/git_azure_devops.patch:
    - only ever pick CURLAUTH_BEARER if we *have* a Bearer token,
      should resolve issues using git on Azure DevOps (lp: #1805203)

applied/ubuntu/cosmic-proposed 2019-06-07 09:48:18 UTC 2019-06-07
Import patches-applied version 7.61.0-1ubuntu2.5 to applied/ubuntu/cosmic-pro...

Author: Sebastien Bacher
Author Date: 2019-05-28 18:27:58 UTC

Import patches-applied version 7.61.0-1ubuntu2.5 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3ed9eb93477313bf04a5ad271759977d558fbb9e
Unapplied parent: 15613236464e0db30db2dce173efab6958930bb0

New changelog entries:
  * debian/patches/git_azure_devops.patch:
    - only ever pick CURLAUTH_BEARER if we *have* a Bearer token,
      should resolve issues using git on Azure DevOps (lp: #1805203)

applied/ubuntu/cosmic-devel 2019-06-07 09:48:18 UTC 2019-06-07
Import patches-applied version 7.61.0-1ubuntu2.5 to applied/ubuntu/cosmic-pro...

Author: Sebastien Bacher
Author Date: 2019-05-28 18:27:58 UTC

Import patches-applied version 7.61.0-1ubuntu2.5 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3ed9eb93477313bf04a5ad271759977d558fbb9e
Unapplied parent: 15613236464e0db30db2dce173efab6958930bb0

New changelog entries:
  * debian/patches/git_azure_devops.patch:
    - only ever pick CURLAUTH_BEARER if we *have* a Bearer token,
      should resolve issues using git on Azure DevOps (lp: #1805203)

ubuntu/cosmic-devel 2019-06-07 09:48:18 UTC 2019-06-07
Import patches-unapplied version 7.61.0-1ubuntu2.5 to ubuntu/cosmic-proposed

Author: Sebastien Bacher
Author Date: 2019-05-28 18:27:58 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.5 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: ea93e767a5847ea4d19e426ef1042213b219673f

New changelog entries:
  * debian/patches/git_azure_devops.patch:
    - only ever pick CURLAUTH_BEARER if we *have* a Bearer token,
      should resolve issues using git on Azure DevOps (lp: #1805203)

applied/ubuntu/cosmic-security 2019-05-22 12:43:16 UTC 2019-05-22
Import patches-applied version 7.61.0-1ubuntu2.4 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2019-05-16 12:38:58 UTC

Import patches-applied version 7.61.0-1ubuntu2.4 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 9954ba685d174786455af05940c413e61ab59ed2
Unapplied parent: e914c1fd5e9e3dc8d63fc8d976eb5776f5c2c845

New changelog entries:
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

applied/ubuntu/cosmic-updates 2019-05-22 12:43:16 UTC 2019-05-22
Import patches-applied version 7.61.0-1ubuntu2.4 to applied/ubuntu/cosmic-sec...

Author: Marc Deslauriers
Author Date: 2019-05-16 12:38:58 UTC

Import patches-applied version 7.61.0-1ubuntu2.4 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 9954ba685d174786455af05940c413e61ab59ed2
Unapplied parent: e914c1fd5e9e3dc8d63fc8d976eb5776f5c2c845

New changelog entries:
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

ubuntu/cosmic-security 2019-05-22 12:43:16 UTC 2019-05-22
Import patches-unapplied version 7.61.0-1ubuntu2.4 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2019-05-16 12:38:58 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.4 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 6a6aca778785b3f29a8580b5c9f914dd25f05693

New changelog entries:
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

ubuntu/cosmic-updates 2019-05-22 12:43:16 UTC 2019-05-22
Import patches-unapplied version 7.61.0-1ubuntu2.4 to ubuntu/cosmic-security

Author: Marc Deslauriers
Author Date: 2019-05-16 12:38:58 UTC

Import patches-unapplied version 7.61.0-1ubuntu2.4 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 6a6aca778785b3f29a8580b5c9f914dd25f05693

New changelog entries:
  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

ubuntu/disco 2019-04-05 22:18:10 UTC 2019-04-05
Import patches-unapplied version 7.64.0-2ubuntu1 to ubuntu/disco-proposed

Author: Gianfranco Costamagna
Author Date: 2019-04-05 15:50:51 UTC

Import patches-unapplied version 7.64.0-2ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 8adf12e02041b5ba0eced44c50e182c3fe24a0a8

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

applied/ubuntu/disco-proposed 2019-04-05 22:18:10 UTC 2019-04-05
Import patches-applied version 7.64.0-2ubuntu1 to applied/ubuntu/disco-proposed

Author: Gianfranco Costamagna
Author Date: 2019-04-05 15:50:51 UTC

Import patches-applied version 7.64.0-2ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: cbc04078deef87006a6d968599a8b1e6d35d0058
Unapplied parent: 2e7bb28c1eaaf183126c0a9d7648c64b13515d4d

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

ubuntu/disco-proposed 2019-04-05 22:18:10 UTC 2019-04-05
Import patches-unapplied version 7.64.0-2ubuntu1 to ubuntu/disco-proposed

Author: Gianfranco Costamagna
Author Date: 2019-04-05 15:50:51 UTC

Import patches-unapplied version 7.64.0-2ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 8adf12e02041b5ba0eced44c50e182c3fe24a0a8

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

applied/ubuntu/disco 2019-04-05 22:18:10 UTC 2019-04-05
Import patches-applied version 7.64.0-2ubuntu1 to applied/ubuntu/disco-proposed

Author: Gianfranco Costamagna
Author Date: 2019-04-05 15:50:51 UTC

Import patches-applied version 7.64.0-2ubuntu1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: cbc04078deef87006a6d968599a8b1e6d35d0058
Unapplied parent: 2e7bb28c1eaaf183126c0a9d7648c64b13515d4d

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
  * debian/control, debian/rules:
    - build with libssh instead of libssh2, that's a better maintained
      library and it's in Ubuntu main (lp: #311029)

applied/debian/stretch 2019-02-16 17:04:34 UTC 2019-02-16
Import patches-applied version 7.52.1-5+deb9u9 to applied/debian/stretch

Author: Alessandro Ghedini
Author Date: 2019-02-04 20:55:32 UTC

Import patches-applied version 7.52.1-5+deb9u9 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 4529e3e06a61b3a45eaabecd26175ea5d37c4725
Unapplied parent: 762c78527bc489d44ae08c93f8f8df9643a91cee

New changelog entries:
  * Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
    https://curl.haxx.se/docs/CVE-2018-16890.html
  * Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
    https://curl.haxx.se/docs/CVE-2019-3822.html
  * Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
    https://curl.haxx.se/docs/CVE-2019-3823.html

debian/stretch 2019-02-16 17:04:34 UTC 2019-02-16
Import patches-unapplied version 7.52.1-5+deb9u9 to debian/stretch

Author: Alessandro Ghedini
Author Date: 2019-02-04 20:55:32 UTC

Import patches-unapplied version 7.52.1-5+deb9u9 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 8e86840b3ef698de552c67f3a4711b949fd87130

New changelog entries:
  * Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
    https://curl.haxx.se/docs/CVE-2018-16890.html
  * Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
    https://curl.haxx.se/docs/CVE-2019-3822.html
  * Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
    https://curl.haxx.se/docs/CVE-2019-3823.html

ubuntu/trusty-security 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0c81198a443bb1a3746e7cf6a34b7612e6380131

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/trusty-updates 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-se...

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 279d527f1bdd56cab5c7fe7cd890204a2e8f639c
Unapplied parent: 32be159a8c0360e6447346c39919a1d8ea7d9aae

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/trusty-security 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-se...

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 279d527f1bdd56cab5c7fe7cd890204a2e8f639c
Unapplied parent: 32be159a8c0360e6447346c39919a1d8ea7d9aae

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/trusty-devel 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0c81198a443bb1a3746e7cf6a34b7612e6380131

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

applied/ubuntu/trusty-devel 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-se...

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-applied version 7.35.0-1ubuntu2.20 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 279d527f1bdd56cab5c7fe7cd890204a2e8f639c
Unapplied parent: 32be159a8c0360e6447346c39919a1d8ea7d9aae

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/trusty-updates 2019-02-06 14:03:12 UTC 2019-02-06
Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2019-01-29 14:03:19 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.20 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0c81198a443bb1a3746e7cf6a34b7612e6380131

New changelog entries:
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

ubuntu/cosmic 2018-10-01 17:37:03 UTC 2018-10-01
Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-09-29 00:36:46 UTC

Import patches-unapplied version 7.61.0-1ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 482fab373d269b80c5d12757917c9d24a3ccff9a

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

applied/ubuntu/cosmic 2018-10-01 17:37:03 UTC 2018-10-01
Import patches-applied version 7.61.0-1ubuntu2 to applied/ubuntu/cosmic-proposed

Author: Dimitri John Ledkov
Author Date: 2018-09-29 00:36:46 UTC

Import patches-applied version 7.61.0-1ubuntu2 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 3e6c8006de9eefcb90bb5fdb9738a93219ccc7be
Unapplied parent: d18d419795b897df204c35936e4a88d900738534

New changelog entries:
  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

ubuntu/artful-devel 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 12b3ad5049beecc88556ca1100eb1250ddec29b6

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/ubuntu/artful-updates 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 49ff3a5682b92ad7e74aa5f109ca787969c3f6bb
Unapplied parent: 3fbeba7b89feec5cd4d3495b70d7d322633c31e0

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/ubuntu/artful-security 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 49ff3a5682b92ad7e74aa5f109ca787969c3f6bb
Unapplied parent: 3fbeba7b89feec5cd4d3495b70d7d322633c31e0

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/ubuntu/artful-devel 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-sec...

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-applied version 7.55.1-1ubuntu2.6 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 49ff3a5682b92ad7e74aa5f109ca787969c3f6bb
Unapplied parent: 3fbeba7b89feec5cd4d3495b70d7d322633c31e0

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

ubuntu/artful-updates 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 12b3ad5049beecc88556ca1100eb1250ddec29b6

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

ubuntu/artful-security 2018-07-11 12:18:16 UTC 2018-07-11
Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Author: Marc Deslauriers
Author Date: 2018-07-04 14:20:21 UTC

Import patches-unapplied version 7.55.1-1ubuntu2.6 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 12b3ad5049beecc88556ca1100eb1250ddec29b6

New changelog entries:
  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

applied/debian/jessie 2018-06-23 17:07:02 UTC 2018-06-23
Import patches-applied version 7.38.0-4+deb8u11 to applied/debian/jessie

Author: Alessandro Ghedini
Author Date: 2018-05-15 22:05:31 UTC

Import patches-applied version 7.38.0-4+deb8u11 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: 01125cbd2b9c8e2d6c86fdb934d9c80a7b53459e
Unapplied parent: 896568dac13c1d39e82ca3db9239d1daddf9688f

New changelog entries:
  * Fix heap buffer over-read when parsing bad RTSP headers
    as per CVE-2018-1000301
    https://curl.haxx.se/docs/adv_2018-b138.html
  * Fix NIL byte out of bounds write due to FTP path trickery
    as per CVE-2018-1000120
    https://curl.haxx.se/docs/adv_2018-9cd6.html
  * Fix LDAP NULL pointer dereference as per CVE-2018-1000121
    https://curl.haxx.se/docs/adv_2018-97a2.html
  * Fix RTSP RTP buffer over-read as per CVE-2018-1000122
    https://curl.haxx.se/docs/adv_2018-b047.html
  * Fix HTTP authentication leak in redirects as per CVE-2018-1000007
    https://curl.haxx.se/docs/adv_2018-b3bf.html

debian/jessie 2018-06-23 17:07:02 UTC 2018-06-23
Import patches-unapplied version 7.38.0-4+deb8u11 to debian/jessie

Author: Alessandro Ghedini
Author Date: 2018-05-15 22:05:31 UTC

Import patches-unapplied version 7.38.0-4+deb8u11 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: d0b32955476198b6eb5cf4535e2ab8663725ef56

New changelog entries:
  * Fix heap buffer over-read when parsing bad RTSP headers
    as per CVE-2018-1000301
    https://curl.haxx.se/docs/adv_2018-b138.html
  * Fix NIL byte out of bounds write due to FTP path trickery
    as per CVE-2018-1000120
    https://curl.haxx.se/docs/adv_2018-9cd6.html
  * Fix LDAP NULL pointer dereference as per CVE-2018-1000121
    https://curl.haxx.se/docs/adv_2018-97a2.html
  * Fix RTSP RTP buffer over-read as per CVE-2018-1000122
    https://curl.haxx.se/docs/adv_2018-b047.html
  * Fix HTTP authentication leak in redirects as per CVE-2018-1000007
    https://curl.haxx.se/docs/adv_2018-b3bf.html

ubuntu/bionic 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f25607eb36d17cb4a9f0dcbcdca945b7af107a0c

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

applied/ubuntu/bionic 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 7fa8f1972c276bcaff0b13f090b1faa57cff6ba7
Unapplied parent: eec455701a6e4f0ef4fdd094874a5041fa46cce5

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

ubuntu/bionic-proposed 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-unapplied version 7.58.0-2ubuntu3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f25607eb36d17cb4a9f0dcbcdca945b7af107a0c

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

applied/ubuntu/bionic-proposed 2018-03-15 15:19:07 UTC 2018-03-15
Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Author: Marc Deslauriers
Author Date: 2018-03-15 12:20:41 UTC

Import patches-applied version 7.58.0-2ubuntu3 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 7fa8f1972c276bcaff0b13f090b1faa57cff6ba7
Unapplied parent: eec455701a6e4f0ef4fdd094874a5041fa46cce5

New changelog entries:
  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

importer/ubuntu/pristine-tar 2018-03-07 06:22:20 UTC 2018-03-07
pristine-tar data for curl_7.58.0.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-07 06:22:20 UTC

pristine-tar data for curl_7.58.0.orig.tar.gz

importer/debian/pristine-tar 2018-03-07 04:55:25 UTC 2018-03-07
pristine-tar data for curl_7.58.0.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-07 04:55:25 UTC

pristine-tar data for curl_7.58.0.orig.tar.gz

debian/experimental 2018-03-01 16:25:54 UTC 2018-03-01
Import patches-unapplied version 7.58.0-3 to debian/experimental

Author: Alessandro Ghedini
Author Date: 2018-02-27 21:16:17 UTC

Import patches-unapplied version 7.58.0-3 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 7371b12a752baa1b3e36daffb2bedea042f87727

New changelog entries:
  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds. Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

applied/debian/experimental 2018-03-01 16:25:54 UTC 2018-03-01
Import patches-applied version 7.58.0-3 to applied/debian/experimental

Author: Alessandro Ghedini
Author Date: 2018-02-27 21:16:17 UTC

Import patches-applied version 7.58.0-3 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 6c38275215b190748bc29ab469e21f25c1e0b117
Unapplied parent: bbc08c0a3529eeb41989fb7666ad40f94d194ed8

New changelog entries:
  [ Steve Langasek ]
  * Build-depend on libssl-dev instead of libssl1.0-dev.
  * Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
    CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
    openssl 1.0 and openssl 1.1.
  * debian/patches/03_keep_symbols_compat.patch: drop, since we are no longer
    claiming compatibility.
  * debian/patches/90_gnutls.patch: Retain symbol versioning compatibility for
    non-OpenSSL builds. Closes: #858398.
  * Adjust libssl1.1 vs libssl1.0 Suggests/Conflicts; thanks, Adrian Bunk

ubuntu/zesty-updates 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 3946fe11e85c6c2f99764e9df54f1eda8610491a

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

ubuntu/zesty-security 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 3946fe11e85c6c2f99764e9df54f1eda8610491a

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

applied/ubuntu/zesty-devel 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1ef5bc970468bc01e9c132f84c67e24cea353b11
Unapplied parent: 26f282a1ab0fadf79d176f51ece76eed7af46e4c

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

applied/ubuntu/zesty-updates 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1ef5bc970468bc01e9c132f84c67e24cea353b11
Unapplied parent: 26f282a1ab0fadf79d176f51ece76eed7af46e4c

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

applied/ubuntu/zesty-security 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-secu...

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1ef5bc970468bc01e9c132f84c67e24cea353b11
Unapplied parent: 26f282a1ab0fadf79d176f51ece76eed7af46e4c

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

ubuntu/zesty-devel 2017-11-29 13:19:06 UTC 2017-11-29
Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Author: Marc Deslauriers
Author Date: 2017-11-28 13:02:21 UTC

Import patches-unapplied version 7.52.1-4ubuntu1.4 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 3946fe11e85c6c2f99764e9df54f1eda8610491a

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

ubuntu/artful 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 77981d8206026856a3f250d24883c5fb930d115e

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

ubuntu/artful-proposed 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-unapplied version 7.55.1-1ubuntu2 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 77981d8206026856a3f250d24883c5fb930d115e

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

applied/ubuntu/artful-proposed 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: eb77e6f3d194834f386438e4bc9fc5b761e789c1
Unapplied parent: d6ae0b607b3075ebdca14be78824b5f2e90b1067

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

applied/ubuntu/artful 2017-10-05 12:28:20 UTC 2017-10-05
Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Author: Marc Deslauriers
Author Date: 2017-10-04 12:35:10 UTC

Import patches-applied version 7.55.1-1ubuntu2 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: eb77e6f3d194834f386438e4bc9fc5b761e789c1
Unapplied parent: d6ae0b607b3075ebdca14be78824b5f2e90b1067

New changelog entries:
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254

applied/ubuntu/zesty 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 518b35a58900e5d5f6d4aacf0560cc129a504c1c
Unapplied parent: 285258982943160e48da1e86acf4926e19e5c9dc

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

ubuntu/zesty 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: dd837796fb533d4d814394d9f0851edbf065386b

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

applied/ubuntu/zesty-proposed 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-applied version 7.52.1-4ubuntu1 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 518b35a58900e5d5f6d4aacf0560cc129a504c1c
Unapplied parent: 285258982943160e48da1e86acf4926e19e5c9dc

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

ubuntu/zesty-proposed 2017-04-09 12:08:13 UTC 2017-04-09
Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Author: Gianfranco Costamagna
Author Date: 2017-04-09 11:07:51 UTC

Import patches-unapplied version 7.52.1-4ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: dd837796fb533d4d814394d9f0851edbf065386b

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2

applied/ubuntu/yakkety-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: c874536614845812ed910c97ec8b7b80081fe361
Unapplied parent: f8d04396c5f162f0a49a723c9ad957a2742182a1

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/precise-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b51c5cd554802e4a24197a78cfb6cdb987e57c5c

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/yakkety-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 753b89cc7839375e8ce5ba344e0e8ae9d3bfd2da

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/yakkety-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 753b89cc7839375e8ce5ba344e0e8ae9d3bfd2da

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/precise-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b51c5cd554802e4a24197a78cfb6cdb987e57c5c

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/precise-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: fd7a144ec90e701df6183187bc2511666ea3ef6d
Unapplied parent: 8d478b69d673f2d5b70941708aed7effd946ab45

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/precise-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: fd7a144ec90e701df6183187bc2511666ea3ef6d
Unapplied parent: 8d478b69d673f2d5b70941708aed7effd946ab45

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/precise-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-applied version 7.22.0-3ubuntu4.17 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: fd7a144ec90e701df6183187bc2511666ea3ef6d
Unapplied parent: 8d478b69d673f2d5b70941708aed7effd946ab45

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/yakkety-security 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: c874536614845812ed910c97ec8b7b80081fe361
Unapplied parent: f8d04396c5f162f0a49a723c9ad957a2742182a1

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

applied/ubuntu/yakkety-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-se...

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-applied version 7.50.1-1ubuntu1.1 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: c874536614845812ed910c97ec8b7b80081fe361
Unapplied parent: f8d04396c5f162f0a49a723c9ad957a2742182a1

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/yakkety-updates 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Author: Marc Deslauriers
Author Date: 2016-11-02 17:45:25 UTC

Import patches-unapplied version 7.50.1-1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 753b89cc7839375e8ce5ba344e0e8ae9d3bfd2da

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/vtls/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: glob parser write/read out of bounds
    - debian/patches/CVE-2016-8620.patch: stay within bounds in
      src/tool_urlglob.c.
    - CVE-2016-8620
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/precise-devel 2016-11-03 17:41:07 UTC 2016-11-03
Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2016-11-03 12:03:52 UTC

Import patches-unapplied version 7.22.0-3ubuntu4.17 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: b51c5cd554802e4a24197a78cfb6cdb987e57c5c

New changelog entries:
  * SECURITY UPDATE: Incorrect reuse of client certificates with NSS
    - debian/patches/CVE-2016-7141.patch: refuse previously loaded
      certificate from file in lib/nss.c.
    - CVE-2016-7141
  * SECURITY UPDATE: curl escape and unescape integer overflows
    - debian/patches/CVE-2016-7167.patch: deny negative string length
      inputs in lib/escape.c.
    - CVE-2016-7167
  * SECURITY UPDATE: cookie injection for other servers
    - debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
      lib/cookie.c.
    - CVE-2016-8615
  * SECURITY UPDATE: case insensitive password comparison
    - debian/patches/CVE-2016-8616.patch: use case sensitive user/password
      comparisons in lib/url.c.
    - CVE-2016-8616
  * SECURITY UPDATE: OOB write via unchecked multiplication
    - debian/patches/CVE-2016-8617.patch: check for integer overflow on
      large input in lib/base64.c.
    - CVE-2016-8617
  * SECURITY UPDATE: double-free in curl_maprintf
    - debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
      allocation in lib/mprintf.c.
    - CVE-2016-8618
  * SECURITY UPDATE: double-free in krb5 code
    - debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
    - CVE-2016-8619
  * SECURITY UPDATE: curl_getdate read out of bounds
    - debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
      lib/parsedate.c, added tests to tests/data/test517,
      tests/libtest/lib517.c.
    - CVE-2016-8621
  * SECURITY UPDATE: URL unescape heap overflow via integer truncation
    - debian/patches/CVE-2016-8622.patch: avoid integer overflow in
      lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
    - CVE-2016-8622
  * SECURITY UPDATE: Use-after-free via shared cookies
    - debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
      in lib/cookie.c, lib/cookie.h, lib/http.c.
    - CVE-2016-8623
  * SECURITY UPDATE: invalid URL parsing with #
    - debian/patches/CVE-2016-8624.patch: accept # as end of host name in
      lib/url.c.
    - CVE-2016-8624

ubuntu/trusty-proposed 2016-08-31 16:24:27 UTC 2016-08-31
Import patches-unapplied version 7.35.0-1ubuntu2.9 to ubuntu/trusty-proposed

Author: Gianfranco Costamagna
Author Date: 2016-08-28 19:27:34 UTC

Import patches-unapplied version 7.35.0-1ubuntu2.9 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 0c4dec9eaecaba6ee5e057990e55d2475bc5442f

New changelog entries:
  [ Joe Afflerbach ]
  * debian/patches/curl-chunk-fix.patch:
    - fix problem with chunked encoded data (LP: #1613698)

applied/ubuntu/trusty-proposed 2016-08-31 16:24:27 UTC 2016-08-31
Import patches-applied version 7.35.0-1ubuntu2.9 to applied/ubuntu/trusty-pro...

Author: Gianfranco Costamagna
Author Date: 2016-08-28 19:27:34 UTC

Import patches-applied version 7.35.0-1ubuntu2.9 to applied/ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: aefa5bf5a4c9f3d0202667f8a6d189b9d656cc3a
Unapplied parent: 109fe039e21ebd865d3177d2c78e2707434ebd17

New changelog entries:
  [ Joe Afflerbach ]
  * debian/patches/curl-chunk-fix.patch:
    - fix problem with chunked encoded data (LP: #1613698)

applied/ubuntu/yakkety 2016-08-03 15:59:35 UTC 2016-08-03
Import patches-applied version 7.50.1-1ubuntu1 to applied/ubuntu/yakkety-prop...

Author: Gianfranco Costamagna
Author Date: 2016-08-03 13:29:21 UTC

Import patches-applied version 7.50.1-1ubuntu1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: e6250073c1ab4544a30431ac3315400fa664ec44
Unapplied parent: afba32c215c0d4c43297dbed8959b4adaa5ffd6d

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2
  * Drop libgnutls28-dev change, the rename didn't happen in Debian
  * Readd stunnel build dependency, we can build-depend from
    universe now.

ubuntu/yakkety-proposed 2016-08-03 15:59:35 UTC 2016-08-03
Import patches-unapplied version 7.50.1-1ubuntu1 to ubuntu/yakkety-proposed

Author: Gianfranco Costamagna
Author Date: 2016-08-03 13:29:21 UTC

Import patches-unapplied version 7.50.1-1ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 66b33c5f29c1408e27467e38ecd7c7b31dd66572

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop libssh2-1-dev, and libnghttp2-dev.
      + Drop libssh2-1-dev from binary package Depends.
      + debian/control: drop --with-nghttp2
  * Drop libgnutls28-dev change, the rename didn't happen in Debian
  * Readd stunnel build dependency, we can build-depend from
    universe now.

1100 of 294 results

Other repositories

Name Last Modified
lp:ubuntu/+source/curl 2019-09-17
lp:~paelzer/ubuntu/+source/curl 2017-12-07
12 of 2 results
You can't create new repositories for curl in Ubuntu.