lp:ubuntu/hardy-security/curl
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/curl
Branch merges
Branch information
Recent revisions
- 31. By Seth Arnold
-
* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
- debian/patches/ curl-tailmatch. patch: enforce strict subdomain match
when sending cookies. Patch from YAMADA Yasuharu.
- http://curl.haxx. se/curl- tailmatch. patch
- CVE-2013-1944 - 30. By Steve Beattie
-
* SECURITY UPDATE: libcurl unconditional credential delegation during
GSSAPI authentication vulnerability.
- debian/patches/ 0001-Curl_ input_negotiate -do-not- delegate- credentials. patch:
do not delegate credentials when doing GSSAPI authentication
- CVE-2011-2192
* SECURITY UPDATE: libcurl zlib automatic decompression callback
data buffer overflow
- debian/patches/ libcurl- contentencoding .patch: restrict amount of
callback data sent to an application
- CVE-2010-0734
* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
- debian/patches/ series: adjust patch ordering so that
debian/patches/ cert-null- cn gets applied at build time
- CVE-2009-2417 - 29. By Kees Cook
-
* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
- add debian/patches/ cert-null- cn: backported upstream changes.
- CVE-2009-2417 - 28. By Marc Deslauriers
-
* SECURITY UPDATE: Local file exposure via redirect
- debian/patches/ security- CVE-2009- 0037.patch: add logic to
include/curl/curl. h, lib/{easy,url}.c and lib/urldata.h to limit what
protocols curl will automatically follow via a redirect. By default, it
now follows all protocols except FILE and SCP.
- CVE-2009-0037 - 26. By Matthias Klose
-
* Merge from Debian; remaining changes:
- Drop the stunnel build dependency.
- Drop the build-dependency on libdb4.5-dev, add build-dependency on
openssh-server.
- Drop libssh2-1-dev from libcurl4-openssl- dev's Depends. - 22. By Matthias Klose
-
* Merge with Debian; remaining changes:
- Drop the stunnel build dependency.
* Drop the build-dependency on libdb4.5-dev, add build-dependency on
openssh-server.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/curl