lp:ubuntu/maverick-security/curl
- Get this branch:
- bzr branch lp:ubuntu/maverick-security/curl
Branch merges
Branch information
Recent revisions
- 44. By Marc Deslauriers
-
* SECURITY UPDATE: URL sanitization vulnerability
- debian/patches/ CVE-2012- 0036.patch: reject URLs with embedded control
codes in lib/{escape.h,escape. c,imap. c,pop3. c,smtp. c}.
- CVE-2012-0036 - 43. By Steve Beattie
-
* SECURITY UPDATE: libcurl unconditional credential delegation during
GSSAPI authentication vulnerability.
- debian/patches/ 0001-Curl_ input_negotiate -do-not- delegate- credentials. patch:
do not delegate credentials when doing GSSAPI authentication
- CVE-2011-2192 - 42. By Bhavani Shankar
-
* Merge from debian unstable. Remaining changes: LP: #596334
- Keep build deps in main:
- Drop build dependencies: stunnel, libssh2-1-dev
- Add build-dependency on openssh-server
- Drop libssh2-1-dev from libcurl4-openssl- dev's Depends. - 41. By Kees Cook
-
* Merge with Debian testing. Remaining changes:
- Keep build deps in main:
- Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
- Add build-dependency on openssh-server
- Drop libssh2-1-dev from libcurl4-openssl- dev's Depends. - 40. By Kees Cook
-
* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
- add debian/patches/ cert-null- cn: backported upstream changes.
- CVE-2009-2417 - 39. By Bhavani Shankar
-
* Merge from Debian unstable (LP: #380281), remaining changes:
- Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
- Add build-dependency on openssh-server
- Drop libssh2-1-dev from libcurl4-openssl- dev's Depends.
- Call automake-1.9 with --add-missing --copy --force
* Fixes LP: #379477 - 38. By Michael Vogt
-
* Merge from debian unstable, remaining changes:
- Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
- Add build-dependency on openssh-server
- Drop libssh2-1-dev from libcurl4-openssl- dev's Depends.
- Call automake-1.9 with --add-missing --copy --force
* drop debian/patches/ security_ CVE-2009- 0037.patch
- this patch is part of 7.19.4 - 37. By Marc Deslauriers
-
* SECURITY UPDATE: add fix for CVE-2009-0037 back in
- debian/patches/ security_ CVE-2009- 0037.patch: updated patch to add missing
section to lib/easy.c
- CVE-2009-0037 - 35. By Marc Deslauriers
-
* SECURITY UPDATE: Local file exposure via redirect
- debian/patches/ security_ CVE-2009- 0037.patch: add logic to lib/url.c and
lib/urldata.h to limit what protocols curl will automatically follow via a
redirect. By default, it now follows all protocols except FILE and SCP.
- CVE-2009-0037
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/oneiric/curl