lp:ubuntu/maverick-updates/curl

Created by James Westby on 2011-06-24 and last modified on 2012-01-24
Get this branch:
bzr branch lp:ubuntu/maverick-updates/curl
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

44. By Marc Deslauriers on 2012-01-24

* SECURITY UPDATE: URL sanitization vulnerability
  - debian/patches/CVE-2012-0036.patch: reject URLs with embedded control
    codes in lib/{escape.h,escape.c,imap.c,pop3.c,smtp.c}.
  - CVE-2012-0036

43. By Steve Beattie on 2011-06-08

* SECURITY UPDATE: libcurl unconditional credential delegation during
  GSSAPI authentication vulnerability.
  - debian/patches/0001-Curl_input_negotiate-do-not-delegate-credentials.patch:
    do not delegate credentials when doing GSSAPI authentication
  - CVE-2011-2192

42. By Bhavani Shankar on 2010-06-20

* Merge from debian unstable. Remaining changes: LP: #596334
  - Keep build deps in main:
    - Drop build dependencies: stunnel, libssh2-1-dev
    - Add build-dependency on openssh-server
    - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.

41. By Kees Cook on 2009-12-11

* Merge with Debian testing. Remaining changes:
  - Keep build deps in main:
    - Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
    - Add build-dependency on openssh-server
    - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.

40. By Kees Cook on 2009-08-13

* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
  - add debian/patches/cert-null-cn: backported upstream changes.
  - CVE-2009-2417

39. By Bhavani Shankar on 2009-05-26

* Merge from Debian unstable (LP: #380281), remaining changes:
  - Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
  - Add build-dependency on openssh-server
  - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
  - Call automake-1.9 with --add-missing --copy --force
* Fixes LP: #379477

38. By Michael Vogt on 2009-04-29

* Merge from debian unstable, remaining changes:
  - Drop build dependencies: stunnel, libdb4.6-dev, libssh2-1-dev
  - Add build-dependency on openssh-server
  - Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
  - Call automake-1.9 with --add-missing --copy --force
* drop debian/patches/security_CVE-2009-0037.patch
  - this patch is part of 7.19.4

37. By Marc Deslauriers on 2009-03-03

* SECURITY UPDATE: add fix for CVE-2009-0037 back in
  - debian/patches/security_CVE-2009-0037.patch: updated patch to add missing
    section to lib/easy.c
  - CVE-2009-0037

36. By Jamie Strandboge on 2009-03-03

Revert last patch due to https regression (LP: #337501)

35. By Marc Deslauriers on 2009-03-03

* SECURITY UPDATE: Local file exposure via redirect
  - debian/patches/security_CVE-2009-0037.patch: add logic to lib/url.c and
    lib/urldata.h to limit what protocols curl will automatically follow via a
    redirect. By default, it now follows all protocols except FILE and SCP.
  - CVE-2009-0037

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/oneiric/curl
This branch contains Public information 
Everyone can see this information.

Subscribers