lp:ubuntu/hardy-updates/curl

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-updates/curl

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

31. By Seth Arnold

* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
  - debian/patches/curl-tailmatch.patch: enforce strict subdomain match
    when sending cookies. Patch from YAMADA Yasuharu.
  - http://curl.haxx.se/curl-tailmatch.patch
  - CVE-2013-1944

30. By Steve Beattie

* SECURITY UPDATE: libcurl unconditional credential delegation during
  GSSAPI authentication vulnerability.
  - debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch:
    do not delegate credentials when doing GSSAPI authentication
  - CVE-2011-2192
* SECURITY UPDATE: libcurl zlib automatic decompression callback
  data buffer overflow
  - debian/patches/libcurl-contentencoding.patch: restrict amount of
    callback data sent to an application
  - CVE-2010-0734
* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
  - debian/patches/series: adjust patch ordering so that
    debian/patches/cert-null-cn gets applied at build time
  - CVE-2009-2417

29. By Kees Cook

* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
  - add debian/patches/cert-null-cn: backported upstream changes.
  - CVE-2009-2417

28. By Marc Deslauriers

* SECURITY UPDATE: Local file exposure via redirect
  - debian/patches/security-CVE-2009-0037.patch: add logic to
    include/curl/curl.h, lib/{easy,url}.c and lib/urldata.h to limit what
    protocols curl will automatically follow via a redirect. By default, it
    now follows all protocols except FILE and SCP.
  - CVE-2009-0037

27. By Matthias Klose

Use automake-1.9, as used by upstream.

26. By Matthias Klose

* Merge from Debian; remaining changes:
  - Drop the stunnel build dependency.
  - Drop the build-dependency on libdb4.5-dev, add build-dependency on
    openssh-server.
  - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.

25. By Steve Langasek

No-change rebuild against libldap-2.4-2.

24. By Steve Kowalik

And drop libssh2-1-dev from libcurl4-openssl-dev's Depends.

23. By Michael Bienia

Drop libssh2-1-dev (universe) from Build-Depends (LP: #175891).

22. By Matthias Klose

* Merge with Debian; remaining changes:
  - Drop the stunnel build dependency.
* Drop the build-dependency on libdb4.5-dev, add build-dependency on
  openssh-server.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/curl