View Git repositories
Name Status Last Modified Last Commit
lp:ubuntu/wily/curl 1 Development 2015-08-10 23:56:46 UTC 2015-08-10
90. * debian/control: - Switch build de...

Author: Robert Ancell
Revision Date: 2015-08-11 11:41:50 UTC

* debian/control:
  - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev

lp:ubuntu/wily-proposed/curl bug 1 Development 2015-08-10 23:56:46 UTC 2015-08-10
90. * debian/control: - Switch build de...

Author: Robert Ancell
Revision Date: 2015-08-11 11:41:50 UTC

* debian/control:
  - Switch build depends from transitional libgnutsl28-dev to libgnutls-dev

lp:ubuntu/vivid-updates/curl 2 Mature 2015-05-24 15:17:44 UTC 2015-05-24
86. * SECURITY UPDATE: NTLM connection re...

Author: Marc Deslauriers
Revision Date: 2015-04-29 09:09:44 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: host name out of boundary memory access
  - debian/patches/CVE-2015-3144.patch: check for valid length in
    lib/url.c.
  - CVE-2015-3144
* SECURITY UPDATE: cookie parser out of boundary memory access
  - debian/patches/CVE-2015-3145.patch: properly handle a single double
    quote in lib/cookie.c.
  - CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: close Negotiate connections when
    done in lib/http.c.
  - CVE-2015-3148
* SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
  - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
    docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
    tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
  - CVE-2015-3153

lp:ubuntu/vivid-security/curl 2 Mature 2015-05-24 15:17:37 UTC 2015-05-24
86. * SECURITY UPDATE: NTLM connection re...

Author: Marc Deslauriers
Revision Date: 2015-04-29 09:09:44 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: host name out of boundary memory access
  - debian/patches/CVE-2015-3144.patch: check for valid length in
    lib/url.c.
  - CVE-2015-3144
* SECURITY UPDATE: cookie parser out of boundary memory access
  - debian/patches/CVE-2015-3145.patch: properly handle a single double
    quote in lib/cookie.c.
  - CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: close Negotiate connections when
    done in lib/http.c.
  - CVE-2015-3148
* SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
  - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
    docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
    tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
  - CVE-2015-3153

lp:ubuntu/precise-security/curl bug 2 Mature 2015-04-29 14:03:35 UTC 2015-04-29
69. * SECURITY UPDATE: NTLM connection re...

Author: Marc Deslauriers
Revision Date: 2015-04-29 14:03:35 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
    each exchange and close Negotiate connections when done in
    lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
  - CVE-2015-3148

lp:ubuntu/precise-updates/curl 2 Mature 2015-04-29 14:03:35 UTC 2015-04-29
69. * SECURITY UPDATE: NTLM connection re...

Author: Marc Deslauriers
Revision Date: 2015-04-29 14:03:35 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
    each exchange and close Negotiate connections when done in
    lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
  - CVE-2015-3148

lp:ubuntu/trusty-security/curl 2 Mature 2015-04-29 14:03:00 UTC 2015-04-29
80. * SECURITY UPDATE: NTLM connection re...

Author: Marc Deslauriers
Revision Date: 2015-04-29 14:03:00 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: cookie parser out of boundary memory access
  - debian/patches/CVE-2015-3145.patch: properly handle a single double
    quote in lib/cookie.c.
  - CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
    each exchange and close Negotiate connections when done in
    lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
  - CVE-2015-3148

lp:ubuntu/trusty-updates/curl 2 Mature 2015-04-29 14:03:00 UTC 2015-04-29
80. * SECURITY UPDATE: NTLM connection re...

Author: Marc Deslauriers
Revision Date: 2015-04-29 14:03:00 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: cookie parser out of boundary memory access
  - debian/patches/CVE-2015-3145.patch: properly handle a single double
    quote in lib/cookie.c.
  - CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
    each exchange and close Negotiate connections when done in
    lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
  - CVE-2015-3148

lp:ubuntu/utopic-security/curl 2 Mature 2015-04-29 10:23:26 UTC 2015-04-29
86. * SECURITY UPDATE: NTLM connection re...

Author: Marc Deslauriers
Revision Date: 2015-04-29 10:23:26 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: host name out of boundary memory access
  - debian/patches/CVE-2015-3144.patch: check for valid length in
    lib/url.c.
  - CVE-2015-3144
* SECURITY UPDATE: cookie parser out of boundary memory access
  - debian/patches/CVE-2015-3145.patch: properly handle a single double
    quote in lib/cookie.c.
  - CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
    each exchange and close Negotiate connections when done in
    lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
  - CVE-2015-3148
* SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
  - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
    docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
    tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
  - CVE-2015-3153

lp:ubuntu/utopic-updates/curl 2 Mature 2015-04-29 10:23:26 UTC 2015-04-29
86. * SECURITY UPDATE: NTLM connection re...

Author: Marc Deslauriers
Revision Date: 2015-04-29 10:23:26 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: host name out of boundary memory access
  - debian/patches/CVE-2015-3144.patch: check for valid length in
    lib/url.c.
  - CVE-2015-3144
* SECURITY UPDATE: cookie parser out of boundary memory access
  - debian/patches/CVE-2015-3145.patch: properly handle a single double
    quote in lib/cookie.c.
  - CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
    each exchange and close Negotiate connections when done in
    lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
  - CVE-2015-3148
* SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
  - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
    docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
    tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
  - CVE-2015-3153

lp:ubuntu/lucid-security/curl bug 2 Mature 2015-01-14 16:46:45 UTC 2015-01-14
51. * SECURITY UPDATE: URL request inject...

Author: Marc Deslauriers
Revision Date: 2015-01-14 16:46:45 UTC

* SECURITY UPDATE: URL request injection
  - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
    lib/url.c.
  - CVE-2014-8150

lp:ubuntu/lucid-updates/curl bug 2 Mature 2015-01-14 16:46:45 UTC 2015-01-14
51. * SECURITY UPDATE: URL request inject...

Author: Marc Deslauriers
Revision Date: 2015-01-14 16:46:45 UTC

* SECURITY UPDATE: URL request injection
  - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
    lib/url.c.
  - CVE-2014-8150

lp:ubuntu/vivid/curl 2 Mature 2015-01-14 07:57:00 UTC 2015-01-14
85. * SECURITY UPDATE: URL request inject...

Author: Marc Deslauriers
Revision Date: 2015-01-14 07:57:00 UTC

* SECURITY UPDATE: URL request injection
  - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
    lib/url.c, added test to tests/data/Makefile.am, tests/data/test1529,
    tests/libtest/Makefile.inc, tests/libtest/lib1529.c.
  - CVE-2014-8150

lp:ubuntu/vivid-proposed/curl 1 Development 2015-01-14 07:57:00 UTC 2015-01-14
85. * SECURITY UPDATE: URL request inject...

Author: Marc Deslauriers
Revision Date: 2015-01-14 07:57:00 UTC

* SECURITY UPDATE: URL request injection
  - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
    lib/url.c, added test to tests/data/Makefile.am, tests/data/test1529,
    tests/libtest/Makefile.inc, tests/libtest/lib1529.c.
  - CVE-2014-8150

lp:ubuntu/utopic-proposed/curl bug 1 Development 2014-10-03 12:56:36 UTC 2014-10-03
83. debian/patches/09_fix-timeout-in-poll...

Author: Brian Murray
Revision Date: 2014-10-02 13:26:57 UTC

debian/patches/09_fix-timeout-in-poll-and-wait.patch: apply upstream
commit fixing timeout return value for curl_poll and curl_wait_ms.
Thanks to Grzegorz Gutowski for finding the patch. (LP: #1375663)

lp:ubuntu/utopic/curl 2 Mature 2014-10-02 13:26:57 UTC 2014-10-02
83. debian/patches/09_fix-timeout-in-poll...

Author: Brian Murray
Revision Date: 2014-10-02 13:26:57 UTC

debian/patches/09_fix-timeout-in-poll-and-wait.patch: apply upstream
commit fixing timeout return value for curl_poll and curl_wait_ms.
Thanks to Grzegorz Gutowski for finding the patch. (LP: #1375663)

lp:ubuntu/saucy-security/curl 2 Mature 2014-04-01 10:16:55 UTC 2014-04-01
76. * SECURITY UPDATE: wrong re-use of co...

Author: Marc Deslauriers
Revision Date: 2014-04-01 10:16:55 UTC

* SECURITY UPDATE: wrong re-use of connections
  - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
    HTTP logic, and extend new connection logic to other protocols in
    lib/http.c, lib/url.c, lib/urldata.h, add new tests to
    tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
  - CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
  literal IP addresses
  - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
    lib/hostcheck.c, added tests to tests/data/Makefile.am,
    tests/data/test1397, tests/unit/Makefile.inc, tests/unit/unit1397.c.
  - CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
  fail.

lp:ubuntu/saucy-updates/curl 2 Mature 2014-04-01 10:16:55 UTC 2014-04-01
76. * SECURITY UPDATE: wrong re-use of co...

Author: Marc Deslauriers
Revision Date: 2014-04-01 10:16:55 UTC

* SECURITY UPDATE: wrong re-use of connections
  - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
    HTTP logic, and extend new connection logic to other protocols in
    lib/http.c, lib/url.c, lib/urldata.h, add new tests to
    tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
  - CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
  literal IP addresses
  - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
    lib/hostcheck.c, added tests to tests/data/Makefile.am,
    tests/data/test1397, tests/unit/Makefile.inc, tests/unit/unit1397.c.
  - CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
  fail.

lp:ubuntu/quantal-security/curl bug 2 Mature 2014-04-01 09:59:44 UTC 2014-04-01
70. * SECURITY UPDATE: wrong re-use of co...

Author: Marc Deslauriers
Revision Date: 2014-04-01 09:59:44 UTC

* SECURITY UPDATE: wrong re-use of connections
  - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
    HTTP logic, and extend new connection logic to other protocols in
    lib/http.c, lib/url.c, lib/urldata.h, add new tests to
    tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
  - CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
  literal IP addresses
  - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
    lib/ssluse.c.
  - CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
  fail.
* debian/patches/disable_test519.path: disable test 519 as security
  update causes it to hang. Fixing this would require backporting new
  logic into tests/server/sws.c.

lp:ubuntu/quantal-updates/curl 2 Mature 2014-04-01 09:59:44 UTC 2014-04-01
70. * SECURITY UPDATE: wrong re-use of co...

Author: Marc Deslauriers
Revision Date: 2014-04-01 09:59:44 UTC

* SECURITY UPDATE: wrong re-use of connections
  - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
    HTTP logic, and extend new connection logic to other protocols in
    lib/http.c, lib/url.c, lib/urldata.h, add new tests to
    tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
  - CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
  literal IP addresses
  - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
    lib/ssluse.c.
  - CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
  fail.
* debian/patches/disable_test519.path: disable test 519 as security
  update causes it to hang. Fixing this would require backporting new
  logic into tests/server/sws.c.

lp:ubuntu/trusty-proposed/curl 2 Mature 2014-04-01 09:25:23 UTC 2014-04-01
76. * SECURITY UPDATE: wrong re-use of co...

Author: Marc Deslauriers
Revision Date: 2014-04-01 09:25:23 UTC

* SECURITY UPDATE: wrong re-use of connections
  - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
    HTTP logic, and extend new connection logic to other protocols in
    lib/http.c, lib/url.c, lib/urldata.h, add new tests to
    tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
  - CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
  literal IP addresses
  - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
    lib/hostcheck.c, added tests to tests/data/Makefile.am,
    tests/data/test1397, tests/unit/Makefile.inc, tests/unit/unit1397.c.
  - CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
  fail.

lp:ubuntu/trusty/curl 1 Development 2014-04-01 09:25:23 UTC 2014-04-01
76. * SECURITY UPDATE: wrong re-use of co...

Author: Marc Deslauriers
Revision Date: 2014-04-01 09:25:23 UTC

* SECURITY UPDATE: wrong re-use of connections
  - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
    HTTP logic, and extend new connection logic to other protocols in
    lib/http.c, lib/url.c, lib/urldata.h, add new tests to
    tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
  - CVE-2014-0138
* SECURITY UPDATE: incorrect wildcard SSL certificate validation with
  literal IP addresses
  - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
    lib/hostcheck.c, added tests to tests/data/Makefile.am,
    tests/data/test1397, tests/unit/Makefile.inc, tests/unit/unit1397.c.
  - CVE-2014-0139
* debian/patches/fix_test172.path: fix expired cookie causing test to
  fail.

lp:ubuntu/raring-security/curl 2 Mature 2013-12-17 12:47:31 UTC 2013-12-17
71. * SECURITY UPDATE: missing CN verific...

Author: Marc Deslauriers
Revision Date: 2013-12-17 12:47:31 UTC

* SECURITY UPDATE: missing CN verification when signature verification is
  disabled in GnuTLS backend.
  - debian/patches/CVE-2013-6422.patch: still verify host when
    CURLOPT_SSL_VERIFYPEER isn't set in lib/gtls.c.
  - CVE-2013-6422

lp:ubuntu/raring-updates/curl 2 Mature 2013-12-17 12:47:31 UTC 2013-12-17
71. * SECURITY UPDATE: missing CN verific...

Author: Marc Deslauriers
Revision Date: 2013-12-17 12:47:31 UTC

* SECURITY UPDATE: missing CN verification when signature verification is
  disabled in GnuTLS backend.
  - debian/patches/CVE-2013-6422.patch: still verify host when
    CURLOPT_SSL_VERIFYPEER isn't set in lib/gtls.c.
  - CVE-2013-6422

lp:ubuntu/saucy-proposed/curl bug 1 Development 2013-09-04 22:11:29 UTC 2013-09-04
72. * Merge from Debian unstable. Remain...

Author: Merge-o-Matic
Revision Date: 2013-08-12 15:39:32 UTC

* Merge from Debian unstable. Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.
  - Add new libcurl3-udeb package.
  - Add new curl-udeb package.
* Fixes freeipa-client join. (LP: #1220928)

lp:ubuntu/raring-proposed/curl bug 2 Mature 2013-08-30 19:01:10 UTC 2013-08-30
69. Reset timecond when clearing session-...

Author: Dave Chiluk
Revision Date: 2013-08-21 13:09:13 UTC

Reset timecond when clearing session-info variables (LP: #1179781)
This fixes CURLINFO_CONDITION_UNMET incorrectly reporting "1"

lp:ubuntu/quantal-proposed/curl bug 2 Mature 2013-08-30 19:01:05 UTC 2013-08-30
66. Reset timecond when clearing session-...

Author: Dave Chiluk
Revision Date: 2013-08-23 14:58:40 UTC

Reset timecond when clearing session-info variables (LP: #1179781)
This fixes CURLINFO_CONDITION_UNMET incorrectly reporting "1"

lp:ubuntu/precise-proposed/curl bug 2 Mature 2013-08-30 19:00:55 UTC 2013-08-30
61. Reset timecond when clearing session-...

Author: Dave Chiluk
Revision Date: 2013-08-23 16:05:09 UTC

Reset timecond when clearing session-info variables (LP: #1179781)
This fixes CURLINFO_CONDITION_UNMET incorrectly reporting "1"

lp:ubuntu/saucy/curl 2 Mature 2013-08-12 15:39:32 UTC 2013-08-12
72. * Merge from Debian unstable. Remain...

Author: Merge-o-Matic
Revision Date: 2013-08-12 15:39:32 UTC

* Merge from Debian unstable. Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.
  - Add new libcurl3-udeb package.
  - Add new curl-udeb package.
* Fixes freeipa-client join. (LP: #1220928)

lp:~ubuntu-branches/ubuntu/saucy/curl/saucy-201307251546 (Has a merge proposal) 1 Development 2013-07-25 15:46:27 UTC 2013-07-25
71. Merge branch lp:~obounaim/ubuntu/sauc...

Author: Luke Yelavich
Revision Date: 2013-07-24 02:10:13 UTC

Merge branch lp:~obounaim/ubuntu/saucy/curl/merge-from-debian

lp:~obounaim/ubuntu/saucy/curl/merge-from-debian (Has a merge proposal) 1 Development 2013-07-23 18:45:03 UTC 2013-07-23
71. * Merge from Debian, Remaining change...

Author: Oussama BOUNAIM
Revision Date: 2013-07-23 17:42:47 UTC

* Merge from Debian, Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.
  - Add new libcurl3-udeb package.
  - Add new curl-udeb package.
* Add 09_openssl-recv.patch to fix incorrect OpenSSL usage (Closes: #714050)
* Set urgency=high because of the security fix in the previous upload

lp:ubuntu/hardy-security/curl 2 Mature 2013-04-11 14:11:37 UTC 2013-04-11
31. * SECURITY UPDATE: Incorrect cookie d...

Author: Seth Arnold
Revision Date: 2013-04-11 14:11:37 UTC

* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
  - debian/patches/curl-tailmatch.patch: enforce strict subdomain match
    when sending cookies. Patch from YAMADA Yasuharu.
  - http://curl.haxx.se/curl-tailmatch.patch
  - CVE-2013-1944

lp:ubuntu/hardy-updates/curl 2 Mature 2013-04-11 14:11:37 UTC 2013-04-11
31. * SECURITY UPDATE: Incorrect cookie d...

Author: Seth Arnold
Revision Date: 2013-04-11 14:11:37 UTC

* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
  - debian/patches/curl-tailmatch.patch: enforce strict subdomain match
    when sending cookies. Patch from YAMADA Yasuharu.
  - http://curl.haxx.se/curl-tailmatch.patch
  - CVE-2013-1944

lp:ubuntu/oneiric-security/curl 2 Mature 2013-04-11 13:55:41 UTC 2013-04-11
55. * SECURITY UPDATE: Incorrect cookie d...

Author: Seth Arnold
Revision Date: 2013-04-11 13:55:41 UTC

* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
  - debian/patches/curl-tailmatch.patch: enforce strict subdomain match
    when sending cookies. Patch from YAMADA Yasuharu.
  - http://curl.haxx.se/curl-tailmatch.patch
  - CVE-2013-1944

lp:ubuntu/oneiric-updates/curl 2 Mature 2013-04-11 13:55:41 UTC 2013-04-11
55. * SECURITY UPDATE: Incorrect cookie d...

Author: Seth Arnold
Revision Date: 2013-04-11 13:55:41 UTC

* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
  - debian/patches/curl-tailmatch.patch: enforce strict subdomain match
    when sending cookies. Patch from YAMADA Yasuharu.
  - http://curl.haxx.se/curl-tailmatch.patch
  - CVE-2013-1944

lp:ubuntu/raring/curl bug 1 Development 2013-04-10 15:16:17 UTC 2013-04-10
68. * SECURITY UPDATE: Incorrect cookie d...

Author: Seth Arnold
Revision Date: 2013-04-10 15:16:17 UTC

* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
  - debian/patches/09_curl-tailmatch.patch: enforce strict subdomain match
    when sending cookies. Patch from YAMADA Yasuharu.
  - http://curl.haxx.se/curl-tailmatch.patch
  - CVE-2013-1944

lp:~mfisch/ubuntu/raring/curl/sync-with-debian-7.28.1 bug 1 Development 2012-12-13 20:46:56 UTC 2012-12-13
2. initial merge

Author: Matt Fischer
Revision Date: 2012-12-10 03:25:44 UTC

initial merge

lp:ubuntu/quantal/curl bug 2 Mature 2012-08-20 13:54:01 UTC 2012-08-20
62. * Resynchronise with Debian. Remaini...

Author: Colin Watson
Revision Date: 2012-08-20 13:54:01 UTC

* Resynchronise with Debian. Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.
  - Add new libcurl3-udeb package.
  - Add new curl-udeb package.

lp:ubuntu/precise/curl bug 2 Mature 2012-03-22 18:40:30 UTC 2012-03-22
58. debian/control: Add missing Depends o...

Author: Andres Rodriguez
Revision Date: 2012-03-22 18:40:30 UTC

debian/control: Add missing Depends on libcrypto1.0.0-udeb.

lp:ubuntu/maverick-security/curl 2 Mature 2012-01-24 08:29:10 UTC 2012-01-24
44. * SECURITY UPDATE: URL sanitization v...

Author: Marc Deslauriers
Revision Date: 2012-01-24 08:29:10 UTC

* SECURITY UPDATE: URL sanitization vulnerability
  - debian/patches/CVE-2012-0036.patch: reject URLs with embedded control
    codes in lib/{escape.h,escape.c,imap.c,pop3.c,smtp.c}.
  - CVE-2012-0036

lp:ubuntu/maverick-updates/curl 2 Mature 2012-01-24 08:29:10 UTC 2012-01-24
44. * SECURITY UPDATE: URL sanitization v...

Author: Marc Deslauriers
Revision Date: 2012-01-24 08:29:10 UTC

* SECURITY UPDATE: URL sanitization vulnerability
  - debian/patches/CVE-2012-0036.patch: reject URLs with embedded control
    codes in lib/{escape.h,escape.c,imap.c,pop3.c,smtp.c}.
  - CVE-2012-0036

lp:ubuntu/natty-security/curl 2 Mature 2012-01-24 08:28:19 UTC 2012-01-24
48. * SECURITY UPDATE: URL sanitization v...

Author: Marc Deslauriers
Revision Date: 2012-01-24 08:28:19 UTC

* SECURITY UPDATE: URL sanitization vulnerability
  - debian/patches/CVE-2012-0036.patch: reject URLs with embedded control
    codes in lib/{escape.h,escape.c,imap.c,pop3.c,smtp.c}.
  - CVE-2012-0036

lp:ubuntu/natty-updates/curl 2 Mature 2012-01-24 08:28:19 UTC 2012-01-24
48. * SECURITY UPDATE: URL sanitization v...

Author: Marc Deslauriers
Revision Date: 2012-01-24 08:28:19 UTC

* SECURITY UPDATE: URL sanitization vulnerability
  - debian/patches/CVE-2012-0036.patch: reject URLs with embedded control
    codes in lib/{escape.h,escape.c,imap.c,pop3.c,smtp.c}.
  - CVE-2012-0036

lp:ubuntu/oneiric/curl bug 2 Mature 2011-09-15 21:13:27 UTC 2011-09-15
53. [ James Page, Colin Watson ] Add new ...

Author: James Page
Revision Date: 2011-09-14 17:31:37 UTC

[ James Page, Colin Watson ]
Add new libcurl3-udeb package, stripped down for use during installation
(LP: #831496).

lp:~cjwatson/ubuntu/oneiric/curl/minimal-udeb bug 1 Development 2011-09-15 19:20:39 UTC 2011-09-15
57. We don't need a *-minimal-* package s...

Author: Colin Watson
Revision Date: 2011-09-15 18:12:40 UTC

We don't need a *-minimal-* package stack at build time; a udeb is enough.

lp:~james-page/ubuntu/oneiric/curl/minimal-udeb bug 1 Development 2011-09-15 09:20:32 UTC 2011-09-15
56. Fixed typo

Author: James Page
Revision Date: 2011-09-15 09:20:02 UTC

Fixed typo

lp:ubuntu/natty-proposed/curl bug 1 Development 2011-06-24 11:36:02 UTC 2011-06-24
48. debian/patches/timeout_bug_736216: ch...

Author: Steve Beattie
Revision Date: 2011-06-24 11:36:02 UTC

debian/patches/timeout_bug_736216: cherry pick upstream
git revision d4e000906ac4ef243258a5c9a819a7cde247d16a to fix
handshake timeout bug (LP: #736216). Thanks to Sidnei da Silva
and Michael Vogt

lp:~vorlon/ubuntu/natty/curl/multiarch 1 Development 2011-04-11 22:55:28 UTC 2011-04-11
47. Build for multiarch.

Author: Steve Langasek
Revision Date: 2011-04-11 22:54:53 UTC

Build for multiarch.

lp:ubuntu/natty/curl bug 2 Mature 2011-01-26 15:18:33 UTC 2011-01-26
46. * Merge from debian unstable. Remain...

Author: Artur Rona
Revision Date: 2011-01-26 02:50:18 UTC

* Merge from debian unstable. Remaining changes: (LP: #707756)
  - debian/control:
    + Build-Depends: Replace libssh2-1-dev with openssh-server.
      Drop stunnel since it's in universe, as well.
    + Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
    Above changes are necessary to be independent from the universe.

lp:ubuntu/jaunty/curl 1 Development 2011-01-21 20:17:54 UTC 2011-01-21
37. * SECURITY UPDATE: add fix for CVE-20...

Author: Marc Deslauriers
Revision Date: 2009-03-03 19:58:20 UTC

* SECURITY UPDATE: add fix for CVE-2009-0037 back in
  - debian/patches/security_CVE-2009-0037.patch: updated patch to add missing
    section to lib/easy.c
  - CVE-2009-0037

lp:ubuntu/intrepid/curl 1 Development 2011-01-21 20:17:34 UTC 2011-01-21
31. Added Recommends: on ca-certificate f...

Author: Nick Ellery
Revision Date: 2008-10-10 23:32:54 UTC

Added Recommends: on ca-certificate for curl package (LP: #152781).

lp:ubuntu/hardy/curl 2 Mature 2011-01-21 20:17:17 UTC 2011-01-21
27. Use automake-1.9, as used by upstream.

Author: Matthias Klose
Revision Date: 2008-02-08 13:24:07 UTC

Use automake-1.9, as used by upstream.

lp:ubuntu/gutsy/curl 1 Development 2011-01-21 20:17:02 UTC 2011-01-21
21. * Merge with Debian; remaining change...

Author: Matthias Klose
Revision Date: 2007-08-09 09:16:47 UTC

* Merge with Debian; remaining changes:
  - Drop the stunnel build dependency.

lp:ubuntu/feisty/curl 1 Development 2011-01-21 20:16:48 UTC 2011-01-21
11. * Rebuild for changes in the amd64 to...

Author: Matthias Klose
Revision Date: 2007-03-05 01:14:05 UTC

* Rebuild for changes in the amd64 toolchain.
* Set Ubuntu maintainer address.

lp:ubuntu/edgy/curl 1 Development 2011-01-21 20:16:29 UTC 2011-01-21
9. Bump libgnutls-dev dependency to >= 1...

Author: Martin Pitt
Revision Date: 2006-07-04 15:23:50 UTC

Bump libgnutls-dev dependency to >= 1.4 to build against gnutls13.

lp:ubuntu/dapper/curl 2 Mature 2011-01-21 20:16:05 UTC 2011-01-21
7. * SECURITY UPDATE: Arbitrary remote c...

Author: Martin Pitt
Revision Date: 2006-03-16 11:30:25 UTC

* SECURITY UPDATE: Arbitrary remote code execution with long tftp:// URLs.
* lib/tftp.c: Fix unbounded sprintf() to avoid buffer overflow. Thanks to
  Ulf Harnhammar for discovering this.
* CVE-2006-1061

lp:ubuntu/breezy/curl 1 Development 2011-01-21 20:15:46 UTC 2011-01-21
5. Synchronize with Debian.

Author: Matthias Klose
Revision Date: 2005-07-26 19:03:01 UTC

Synchronize with Debian.

lp:ubuntu/hoary/curl 1 Development 2011-01-21 20:15:30 UTC 2011-01-21
4. Fix the version numbers internal to d...

Author: LaMont Jones
Revision Date: 2005-03-23 18:41:29 UTC

Fix the version numbers internal to debian/rules. Closes; #8088

lp:ubuntu/warty/curl 1 Development 2011-01-21 20:15:14 UTC 2011-01-21
3. * Reverted to version 7.11.2 (closes:...

Author: Domenico Andreoli
Revision Date: 2004-06-04 19:09:25 UTC

* Reverted to version 7.11.2 (closes: #252348).
* Disabled support for libidn (closes: #252367). This is to leave
  curl in unstable as much similar as possible to the one in testing.

lp:~ubuntu-branches/ubuntu/lucid/curl/lucid-201101212007 (Has a merge proposal) 1 Development 2011-01-21 20:07:06 UTC 2011-01-21
42. releasing version 7.19.7-1ubuntu1

Author: Kees Cook
Revision Date: 2009-12-12 04:16:18 UTC

releasing version 7.19.7-1ubuntu1

lp:~ubuntu-branches/ubuntu/lucid/curl/lucid-201010031940 1 Development 2010-10-03 19:40:05 UTC 2010-10-03
42. releasing version 7.19.7-1ubuntu1

Author: Kees Cook
Revision Date: 2009-12-12 04:16:18 UTC

releasing version 7.19.7-1ubuntu1

lp:ubuntu/maverick/curl bug 2 Mature 2010-06-20 13:56:28 UTC 2010-06-20
42. * Merge from debian unstable. Remain...

Author: Bhavani Shankar
Revision Date: 2010-06-20 13:56:28 UTC

* Merge from debian unstable. Remaining changes: LP: #596334
  - Keep build deps in main:
    - Drop build dependencies: stunnel, libssh2-1-dev
    - Add build-dependency on openssh-server
    - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.

lp:ubuntu/lucid/curl bug 1 Development 2009-12-12 04:16:18 UTC 2009-12-12
41. * Merge with Debian testing. Remaini...

Author: Kees Cook
Revision Date: 2009-12-11 19:33:21 UTC

* Merge with Debian testing. Remaining changes:
  - Keep build deps in main:
    - Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
    - Add build-dependency on openssh-server
    - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.

lp:ubuntu/jaunty-updates/curl 2 Mature 2009-08-18 08:47:35 UTC 2009-08-18
38. * SECURITY UPDATE: SSL cert hostname ...

Author: Kees Cook
Revision Date: 2009-08-13 09:08:28 UTC

* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
  - add debian/patches/cert-null-cn.patch: backported upstream changes.
  - CVE-2009-2417

lp:ubuntu/jaunty-security/curl 2 Mature 2009-08-17 18:23:42 UTC 2009-08-17
38. * SECURITY UPDATE: SSL cert hostname ...

Author: Kees Cook
Revision Date: 2009-08-13 09:08:28 UTC

* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
  - add debian/patches/cert-null-cn.patch: backported upstream changes.
  - CVE-2009-2417

lp:ubuntu/karmic/curl bug 1 Development 2009-08-13 14:32:50 UTC 2009-08-13
40. * SECURITY UPDATE: SSL cert hostname ...

Author: Kees Cook
Revision Date: 2009-08-13 14:32:50 UTC

* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
  - add debian/patches/cert-null-cn: backported upstream changes.
  - CVE-2009-2417

lp:ubuntu/dapper-security/curl 2 Mature 2009-08-13 09:14:00 UTC 2009-08-13
10. * SECURITY UPDATE: SSL cert hostname ...

Author: Kees Cook
Revision Date: 2009-08-13 09:14:00 UTC

* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
  - lib/ssluse.c: backported upstream changes, applied inline.
  - CVE-2009-2417

lp:ubuntu/dapper-updates/curl 2 Mature 2009-08-13 09:14:00 UTC 2009-08-13
10. * SECURITY UPDATE: SSL cert hostname ...

Author: Kees Cook
Revision Date: 2009-08-13 09:14:00 UTC

* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
  - lib/ssluse.c: backported upstream changes, applied inline.
  - CVE-2009-2417

lp:ubuntu/intrepid-security/curl 2 Mature 2009-08-13 09:12:09 UTC 2009-08-13
34. * SECURITY UPDATE: SSL cert hostname ...

Author: Kees Cook
Revision Date: 2009-08-13 09:12:09 UTC

* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
  - add debian/patches/cert-null-cn: backported upstream changes.
  - CVE-2009-2417

lp:ubuntu/intrepid-updates/curl 2 Mature 2009-08-13 09:12:09 UTC 2009-08-13
34. * SECURITY UPDATE: SSL cert hostname ...

Author: Kees Cook
Revision Date: 2009-08-13 09:12:09 UTC

* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
  - add debian/patches/cert-null-cn: backported upstream changes.
  - CVE-2009-2417

lp:ubuntu/gutsy-updates/curl 1 Development 2009-07-18 16:55:50 UTC 2009-07-18
22. * SECURITY UPDATE: Local file exposur...

Author: Marc Deslauriers
Revision Date: 2009-02-26 15:38:56 UTC

* SECURITY UPDATE: Local file exposure via redirect
  - debian/patches/security-CVE-2009-0037.patch: add logic to
    include/curl/curl.h, lib/{easy,url}.c and lib/urldata.h to limit what
    protocols curl will automatically follow via a redirect. By default, it
    now follows all protocols except FILE and SCP.
  - CVE-2009-0037

lp:ubuntu/gutsy-security/curl 1 Development 2009-07-18 16:55:42 UTC 2009-07-18
22. * SECURITY UPDATE: Local file exposur...

Author: Marc Deslauriers
Revision Date: 2009-02-26 15:38:56 UTC

* SECURITY UPDATE: Local file exposure via redirect
  - debian/patches/security-CVE-2009-0037.patch: add logic to
    include/curl/curl.h, lib/{easy,url}.c and lib/urldata.h to limit what
    protocols curl will automatically follow via a redirect. By default, it
    now follows all protocols except FILE and SCP.
  - CVE-2009-0037

lp:ubuntu/feisty-updates/curl 1 Development 2009-07-18 16:55:11 UTC 2009-07-18
12. lib/gtls.c: actually perform expirati...

Author: Kees Cook
Revision Date: 2007-06-27 12:16:00 UTC

lib/gtls.c: actually perform expiration and activation verifications
(CVE-2007-3564).

lp:ubuntu/feisty-security/curl 1 Development 2009-07-18 16:54:53 UTC 2009-07-18
12. lib/gtls.c: actually perform expirati...

Author: Kees Cook
Revision Date: 2007-06-27 12:16:00 UTC

lib/gtls.c: actually perform expiration and activation verifications
(CVE-2007-3564).

lp:ubuntu/edgy-updates/curl 1 Development 2009-07-18 16:54:19 UTC 2009-07-18
10. lib/gtls.c: actually perform expirati...

Author: Kees Cook
Revision Date: 2007-06-27 12:16:00 UTC

lib/gtls.c: actually perform expiration and activation verifications
(CVE-2007-3564).

lp:ubuntu/edgy-proposed/curl 1 Development 2009-07-18 16:54:06 UTC 2009-07-18
10. * lib/multi.c: Upstream patch to fix ...

Author: Cody A.W. Somerville
Revision Date: 2006-11-27 07:12:42 UTC

* lib/multi.c: Upstream patch to fix segmentation fault.
 (Closes Ubuntu: #68074, SRU bug #73447).
* Reference: http://sourceforge.net/support/tracker.php?aid=1523466.

lp:ubuntu/edgy-security/curl 1 Development 2009-07-18 16:53:56 UTC 2009-07-18
10. lib/gtls.c: actually perform expirati...

Author: Kees Cook
Revision Date: 2007-06-27 12:16:00 UTC

lib/gtls.c: actually perform expiration and activation verifications
(CVE-2007-3564).

lp:ubuntu/dapper-proposed/curl 2 Mature 2009-07-18 16:53:18 UTC 2009-07-18
9. Fix POST corruption when using gnutls...

Author: Gustavo Niemeyer
Revision Date: 2007-09-11 12:21:00 UTC

Fix POST corruption when using gnutls (LP: #137849).

lp:ubuntu/breezy-security/curl 1 Development 2009-07-18 16:52:29 UTC 2009-07-18
6. * SECURITY UPDATE: * lib/url.c: Alloc...

Author: Martin Pitt
Revision Date: 2005-12-12 14:01:23 UTC

* SECURITY UPDATE:
* lib/url.c: Allocate two extra bytes for short URL string to allow room for
  extra slash and 0 terminator.
* CVE-2005-4077

lp:ubuntu/hoary-security/curl 1 Development 2009-07-18 16:52:08 UTC 2009-07-18
5. debian/rules: Bump libcurl2 version.

Author: Martin Pitt
Revision Date: 2005-12-12 17:48:09 UTC

debian/rules: Bump libcurl2 version.

lp:ubuntu/warty-security/curl 1 Development 2009-07-18 16:51:43 UTC 2009-07-18
4. * SECURITY UPDATE: Local arbitrary co...

Author: Martin Pitt
Revision Date: 2005-12-12 14:22:32 UTC

* SECURITY UPDATE: Local arbitrary code execution.
* lib/url.c: Allocate two extra bytes for short URL string to allow room for
  extra slash and 0 terminator.
* CVE-2005-4077

181 of 81 results