Ubuntu
curl package

lp:ubuntu/raring-security/curl

  1. Raring (13.04)
  2. raring-security
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/raring-security/curl
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

71. By Marc Deslauriers

* SECURITY UPDATE: missing CN verification when signature verification is
  disabled in GnuTLS backend.
  - debian/patches/CVE-2013-6422.patch: still verify host when
    CURLOPT_SSL_VERIFYPEER isn't set in lib/gtls.c.
  - CVE-2013-6422

70. By Marc Deslauriers

* SECURITY UPDATE: missing CN verification when signature verification is
  disabled.
  - debian/patches/CVE-2013-4545.patch: still verify host when
    CURLOPT_SSL_VERIFYPEER isn't set in lib/ssluse.c.
  - CVE-2013-4545

69. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  heap overflow in URL decoder
  - debian/patches/CVE-2013-2174.patch: fix overflow in lib/escape.c,
    added tests to tests/data/Makefile.am, tests/data/test1396,
    tests/unit/Makefile.inc, tests/unit/unit1396.c.
  - CVE-2013-2174

68. By Seth Arnold

* SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
  - debian/patches/09_curl-tailmatch.patch: enforce strict subdomain match
    when sending cookies. Patch from YAMADA Yasuharu.
  - http://curl.haxx.se/curl-tailmatch.patch
  - CVE-2013-1944

67. By Barry Warsaw

debian/patches/08_lp1124508.patch: Backport fix for upstream bug 1194,
segfault in curl_multi_cleanup() when multi->closure_handle is NULL.
(LP: #1124508)

66. By Marc Deslauriers

* Resynchronise with Debian. Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.
  - Add new libcurl3-udeb package.
  - Add new curl-udeb package.
* Add warning to debian/patches/series.

65. By Colin Watson

* Resynchronise with Debian. Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.
  - Add new libcurl3-udeb package.
  - Add new curl-udeb package.

64. By Colin Watson

Turn debian/libcurl3-udeb.install and debian/libcurl3-udeb.links back
into symlinks.

63. By Colin Watson

* Resynchronise with Debian. Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.
  - Add new libcurl3-udeb package.
  - Add new curl-udeb package.

62. By Colin Watson

* Resynchronise with Debian. Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.
  - Add new libcurl3-udeb package.
  - Add new curl-udeb package.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/saucy/curl
This branch contains Public information 
Everyone can see this information.

Subscribers