Debian
curl package

lp:debian/wheezy/curl

  1. Wheezy (7.0)
  2. wheezy
Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/wheezy/curl
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

45. By Alessandro Ghedini

* Fix re-using authenticated connection when unauthenticated
  as per CVE-2015-3143
  http://curl.haxx.se/docs/adv_20150422A.html
* Fix Negotiate not treated as connection-oriented as per CVE-2015-3148
  http://curl.haxx.se/docs/adv_20150422B.html

44. By Alessandro Ghedini

* Fix duphandle read out of bounds as per CVE-2014-3707
  http://curl.haxx.se/docs/adv_20141105.html
* Set urgency=high accordingly

43. By Alessandro Ghedini

* Fix multiple security issues:
  - Only use full host matches for hosts used as IP address
    as per CVE-2014-3613
  - Reject incoming cookies set for TLDs as per CVE-2014-3620
* Set urgency=high accordingly

42. By Alessandro Ghedini

* Fix multiple security issues (Closes: #742728):
  - Fix connection re-use when using different log-in credentials
    as per CVE-2014-0138
    http://curl.haxx.se/docs/adv_20140326A.html
  - Reject IP address wildcard matches as per CVE-2014-0139
    http://curl.haxx.se/docs/adv_20140326B.html
* Set urgency=high accordingly

41. By Alessandro Ghedini

* Fix re-use of wrong HTTP NTLM connection as per CVE-2014-0015
  http://curl.haxx.se/docs/adv_20140129.html
* Set urgency=high accordingly

40. By Alessandro Ghedini

Disable host verification too when using the --insecure option
(Closes: #729965)

39. By Alessandro Ghedini

Add 09_reset-timecond.patch (Closes: #705783, #719300)

38. By Alessandro Ghedini

[ Alessandro Ghedini ]
* Fix cookie domain tailmatch as per CVE-2013-1944
  http://curl.haxx.se/docs/adv_20130412.html (Closes: #705274)
* Set urgency=high accordingly

[ Salvatore Bonaccorso ]
* Add testcase for CVE-2013-1944

37. By Alessandro Ghedini

* Fix buffer overflow when negotiating SMTP DIGEST-MD5 authentication
  as per CVE-2013-0249 (Closes: #700002)
  http://curl.haxx.se/docs/adv_20130206.html
* Set urgency=high accordingly

36. By Alessandro Ghedini

* New upstream release
  - Reject numerical IPv6 addresses outside brackets (Closes: #670126)
* Email change: Alessandro Ghedini -> <email address hidden>
* Stricter Depends on libcurl3 (Closes: #666089)
* Remove Ramakrishnan (as per his request), move myself to Maintainer
  Thank you for all your work so far
* Disable memory tracking, but keep debug enabled
  - Remove memdebug symbols (used by curl only)
* Refresh 01_runtests_gdb.patch, 90_gnutls.patch and 99_nss.patch
* Disable not-quite-working symbols hiding

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:debian/curl
This branch contains Public information 
Everyone can see this information.

Subscribers