lp:ubuntu/dapper-security/curl

Created by James Westby on 2009-07-18 and last modified on 2009-08-13
Get this branch:
bzr branch lp:ubuntu/dapper-security/curl
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

10. By Kees Cook on 2009-08-13

* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
  - lib/ssluse.c: backported upstream changes, applied inline.
  - CVE-2009-2417

9. By Marc Deslauriers on 2009-02-26

* SECURITY UPDATE: Local file exposure via redirect
  - docs/libcurl/curl_easy_setopt.3, include/curl/curl.h, lib/{easy,url}.c
    and lib/urldata.h: add logic to limit what protocols curl will
    automatically follow via a redirect. By default, it now follows all
    protocols except FILE.
  - http://curl.haxx.se/CVE-2009-0037/curl-7.15.1-CVE-2009-0037.patch
  - CVE-2009-0037

8. By Kees Cook on 2007-06-27

lib/gtls.c: actually perform expiration and activation verifications
(CVE-2007-3564).

7. By Martin Pitt on 2006-03-16

* SECURITY UPDATE: Arbitrary remote code execution with long tftp:// URLs.
* lib/tftp.c: Fix unbounded sprintf() to avoid buffer overflow. Thanks to
  Ulf Harnhammar for discovering this.
* CVE-2006-1061

6. By Martin Pitt on 2005-12-12

Resynchronise with Debian to get URL parser overflow fix from 7.15.1
(CVE-2005-4077).

5. By Matthias Klose on 2005-07-26

Synchronize with Debian.

4. By LaMont Jones on 2005-03-23

Fix the version numbers internal to debian/rules. Closes; #8088

3. By Domenico Andreoli on 2004-06-04

* Reverted to version 7.11.2 (closes: #252348).
* Disabled support for libidn (closes: #252367). This is to leave
  curl in unstable as much similar as possible to the one in testing.

2. By Domenico Andreoli on 2002-03-12

* New upstream version (Closes: #134608).
* Added autotools-dev to the build dependencies. config.{guess,sub}
  can now be updated automatically in the build process.

1. By Domenico Andreoli on 2002-03-12

Import upstream version 7.9.5

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/curl
This branch contains Public information 
Everyone can see this information.

Subscribers