Branches for Utopic

Name Status Last Modified Last Commit
lp:ubuntu/utopic/curl 2 Mature 2014-10-02 13:26:57 UTC 2014-10-02
83. debian/patches/09_fix-timeout-in-poll...

Author: Brian Murray
Revision Date: 2014-10-02 13:26:57 UTC

debian/patches/09_fix-timeout-in-poll-and-wait.patch: apply upstream
commit fixing timeout return value for curl_poll and curl_wait_ms.
Thanks to Grzegorz Gutowski for finding the patch. (LP: #1375663)

lp:ubuntu/utopic-security/curl 2 Mature 2015-04-29 10:23:26 UTC 2015-04-29
86. * SECURITY UPDATE: NTLM connection re...

Author: Marc Deslauriers
Revision Date: 2015-04-29 10:23:26 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: host name out of boundary memory access
  - debian/patches/CVE-2015-3144.patch: check for valid length in
    lib/url.c.
  - CVE-2015-3144
* SECURITY UPDATE: cookie parser out of boundary memory access
  - debian/patches/CVE-2015-3145.patch: properly handle a single double
    quote in lib/cookie.c.
  - CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
    each exchange and close Negotiate connections when done in
    lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
  - CVE-2015-3148
* SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
  - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
    docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
    tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
  - CVE-2015-3153

lp:ubuntu/utopic-updates/curl 2 Mature 2015-04-29 10:23:26 UTC 2015-04-29
86. * SECURITY UPDATE: NTLM connection re...

Author: Marc Deslauriers
Revision Date: 2015-04-29 10:23:26 UTC

* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: host name out of boundary memory access
  - debian/patches/CVE-2015-3144.patch: check for valid length in
    lib/url.c.
  - CVE-2015-3144
* SECURITY UPDATE: cookie parser out of boundary memory access
  - debian/patches/CVE-2015-3145.patch: properly handle a single double
    quote in lib/cookie.c.
  - CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: don't clear GSSAPI state between
    each exchange and close Negotiate connections when done in
    lib/http.c, lib/http_negotiate.c, lib/http_negotiate_sspi.c.
  - CVE-2015-3148
* SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
  - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
    docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
    tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
  - CVE-2015-3153

lp:ubuntu/utopic-proposed/curl bug 1 Development 2014-10-03 12:56:36 UTC 2014-10-03
83. debian/patches/09_fix-timeout-in-poll...

Author: Brian Murray
Revision Date: 2014-10-02 13:26:57 UTC

debian/patches/09_fix-timeout-in-poll-and-wait.patch: apply upstream
commit fixing timeout return value for curl_poll and curl_wait_ms.
Thanks to Grzegorz Gutowski for finding the patch. (LP: #1375663)

14 of 4 results