Ubuntu
curl package

lp:ubuntu/maverick-security/curl

Maverick (10.10)
maverick-security

Created by James Westby on 2011-06-24 and last modified on 2012-01-24

Get this branch:: bzr branch lp:ubuntu/maverick-security/curl

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Mature

Recent revisions

44. By Marc Deslauriers on 2012-01-24: * SECURITY UPDATE: URL sanitization vulnerability
  - debian/patches/CVE-2012-0036.patch: reject URLs with embedded control
    codes in lib/{escape.h,escape.c,imap.c,pop3.c,smtp.c}.
  - CVE-2012-0036
43. By Steve Beattie on 2011-06-08: * SECURITY UPDATE: libcurl unconditional credential delegation during
  GSSAPI authentication vulnerability.
  - debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch:
    do not delegate credentials when doing GSSAPI authentication
  - CVE-2011-2192
42. By Bhavani Shankar on 2010-06-20: * Merge from debian unstable. Remaining changes: LP: #596334
  - Keep build deps in main:
    - Drop build dependencies: stunnel, libssh2-1-dev
    - Add build-dependency on openssh-server
    - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
41. By Kees Cook on 2009-12-11: * Merge with Debian testing. Remaining changes:
  - Keep build deps in main:
    - Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
    - Add build-dependency on openssh-server
    - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
40. By Kees Cook on 2009-08-13: * SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
- add debian/patches/cert-null-cn: backported upstream changes.
- CVE-2009-2417
39. By Bhavani Shankar on 2009-05-26: * Merge from Debian unstable (LP: #380281), remaining changes:
  - Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
  - Add build-dependency on openssh-server
  - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
  - Call automake-1.9 with --add-missing --copy --force
* Fixes LP: #379477
38. By Michael Vogt on 2009-04-29: * Merge from debian unstable, remaining changes:
  - Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
  - Add build-dependency on openssh-server
  - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
  - Call automake-1.9 with --add-missing --copy --force
* drop debian/patches/security_CVE-2009-0037.patch
  - this patch is part of 7.19.4
37. By Marc Deslauriers on 2009-03-03: * SECURITY UPDATE: add fix for CVE-2009-0037 back in
  - debian/patches/security_CVE-2009-0037.patch: updated patch to add missing
    section to lib/easy.c
  - CVE-2009-0037
36. By Jamie Strandboge on 2009-03-03: Revert last patch due to https regression (LP: #337501)
35. By Marc Deslauriers on 2009-03-03: * SECURITY UPDATE: Local file exposure via redirect
  - debian/patches/security_CVE-2009-0037.patch: add logic to lib/url.c and
    lib/urldata.h to limit what protocols curl will automatically follow via a
    redirect. By default, it now follows all protocols except FILE and SCP.
  - CVE-2009-0037

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/oneiric/curl

This branch contains Public information

Everyone can see this information.

Subscribers

Ubuntu branches

Ubuntucurl package