lp:ubuntu/dapper-updates/curl
- Get this branch:
- bzr branch lp:ubuntu/dapper-updates/curl
Branch merges
Branch information
Recent revisions
- 10. By Kees Cook
-
* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
- lib/ssluse.c: backported upstream changes, applied inline.
- CVE-2009-2417 - 9. By Marc Deslauriers
-
* SECURITY UPDATE: Local file exposure via redirect
- docs/libcurl/curl_easy_ setopt. 3, include/ curl/curl. h, lib/{easy,url}.c
and lib/urldata.h: add logic to limit what protocols curl will
automatically follow via a redirect. By default, it now follows all
protocols except FILE.
- http://curl.haxx. se/CVE- 2009-0037/ curl-7. 15.1-CVE- 2009-0037. patch
- CVE-2009-0037 - 8. By Kees Cook
-
lib/gtls.c: actually perform expiration and activation verifications
(CVE-2007-3564). - 7. By Martin Pitt
-
* SECURITY UPDATE: Arbitrary remote code execution with long tftp:// URLs.
* lib/tftp.c: Fix unbounded sprintf() to avoid buffer overflow. Thanks to
Ulf Harnhammar for discovering this.
* CVE-2006-1061 - 6. By Martin Pitt
-
Resynchronise with Debian to get URL parser overflow fix from 7.15.1
(CVE-2005-4077). - 3. By Domenico Andreoli
-
* Reverted to version 7.11.2 (closes: #252348).
* Disabled support for libidn (closes: #252367). This is to leave
curl in unstable as much similar as possible to the one in testing. - 2. By Domenico Andreoli
-
* New upstream version (Closes: #134608).
* Added autotools-dev to the build dependencies. config.{guess,sub}
can now be updated automatically in the build process.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/curl