lp:ubuntu/saucy-security/curl
- Get this branch: bzr branch lp:ubuntu/saucy-security/curl
Recent revisions
- 76. By Marc Deslauriers
  * SECURITY UPDATE: wrong re-use of connections
    - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
      HTTP logic, and extend new connection logic to other protocols in
      lib/http.c, lib/url.c, lib/urldata.h, add new tests to
      tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
    - CVE-2014-0138
  * SECURITY UPDATE: incorrect wildcard SSL certificate validation with
    literal IP addresses
    - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
      lib/hostcheck.c, added tests to tests/data/Makefile.am,
      tests/data/test1397, tests/unit/Makefile.inc, tests/unit/unit1397.c.
    - CVE-2014-0139
  * debian/patches/fix_test172.path: fix expired cookie causing test to
    fail.
- 75. By Marc Deslauriers
  * SECURITY UPDATE: information disclosure via incorrect NTLM credential
    reuse
    - debian/patches/CVE-2014-0015.patch: don't reuse connections if NTLM
      auth is used in lib/url.c.
    - CVE-2014-0015
- 74. By Marc Deslauriers
  * SECURITY UPDATE: missing CN verification when signature verification is
    disabled in GnuTLS backend.
    - debian/patches/CVE-2013-6422.patch: still verify host when
      CURLOPT_SSL_VERIFYPEER isn't set in lib/gtls.c.
    - CVE-2013-6422
- 73. By Marc Deslauriers
  * SECURITY UPDATE: missing CN verification when signature verification is
    disabled.
    - debian/patches/CVE-2013-4545.patch: still verify host when
      CURLOPT_SSL_VERIFYPEER isn't set in lib/ssluse.c.
    - CVE-2013-4545
- 72. By Merge-o-Matic
  * Merge from Debian unstable. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop stunnel4 and libssh2-1-dev.
      + Drop libssh2-1-dev from binary package Depends.
    - Add new libcurl3-udeb package.
    - Add new curl-udeb package.
  * Fixes freeipa-client join. (LP: #1220928)
- 71. By oussama
  * Merge from Debian, Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop stunnel4 and libssh2-1-dev.
      + Drop libssh2-1-dev from binary package Depends.
    - Add new libcurl3-udeb package.
    - Add new curl-udeb package.
- 70. By Sebastien Bacher
  * Resynchronize on Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop stunnel4 and libssh2-1-dev.
      + Drop libssh2-1-dev from binary package Depends.
    - Add new libcurl3-udeb package.
    - Add new curl-udeb package.
- 69. By Sebastien Bacher
  * Resynchronize on Debian. Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop stunnel4 and libssh2-1-dev.
      + Drop libssh2-1-dev from binary package Depends.
    - Add new libcurl3-udeb package.
    - Add new curl-udeb package.
  * Add warning to debian/patches/series.
- 68. By Seth Arnold
  * SECURITY UPDATE: Incorrect cookie domain handling in tailmatch()
    - debian/patches/09_curl-tailmatch.patch: enforce strict subdomain match
      when sending cookies. Patch from YAMADA Yasuharu.
    - http://curl.haxx.se/curl-tailmatch.patch
    - CVE-2013-1944
- 67. By Barry Warsaw
  debian/patches/08_lp1124508.patch: Backport fix for upstream bug 1194,
  segfault in curl_multi_cleanup() when multi->closure_handle is NULL.
  (LP: #1124508)
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/trusty/curl