Format: 1.8 Date: Tue, 29 Jan 2019 08:48:30 -0500 Source: curl Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc Architecture: armhf Version: 7.58.0-2ubuntu3.6 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.58.0-2ubuntu3.6) bionic-security; urgency=medium . * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read - debian/patches/CVE-2018-16890.patch: fix size check condition for type2 received data in lib/vauth/ntlm.c. - CVE-2018-16890 * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to avoid buffer overflow in lib/vauth/ntlm.c. - CVE-2019-3822 * SECURITY UPDATE: SMTP end-of-response out-of-bounds read - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in strtol in lib/smtp.c. - CVE-2019-3823 Checksums-Sha1: 237c0c353643288ce26ac711ad9dfc12bee380cb 138828 curl-dbgsym_7.58.0-2ubuntu3.6_armhf.ddeb b8aa042c1e783b7e6c20d0d8625be5a0a56cbf56 11291 curl_7.58.0-2ubuntu3.6_armhf.buildinfo 657aa2f9d1691b463f9aa58bd0e999129cf74080 152468 curl_7.58.0-2ubuntu3.6_armhf.deb 31f38a227a1b107b9f2ba407c59319ba4c91c6e9 1254768 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.6_armhf.ddeb 787ce43f91ba279f45f6f87e609891252f012b94 181896 libcurl3-gnutls_7.58.0-2ubuntu3.6_armhf.deb 48762c5d1b32d3fe8e4f11cf3e352fad6d0c0d17 1283520 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.6_armhf.ddeb c61ea00bc9143b2f07b7b8542032105557249971 187764 libcurl3-nss_7.58.0-2ubuntu3.6_armhf.deb 993c8cf2f8d06ded5c42607d406008ba01b29007 1265184 libcurl4-dbgsym_7.58.0-2ubuntu3.6_armhf.ddeb cfc50d32a058a8c92b9f05f3efa5e78ec8c86add 269732 libcurl4-gnutls-dev_7.58.0-2ubuntu3.6_armhf.deb 3acbc2c81638feb5b22d865a720efc410eb18910 275728 libcurl4-nss-dev_7.58.0-2ubuntu3.6_armhf.deb 4de75ce3761bb0f5686549a0e1ecf90099c11c9d 271144 libcurl4-openssl-dev_7.58.0-2ubuntu3.6_armhf.deb 44a80bdaee7d1db136182b8d40491b065c1884e4 183128 libcurl4_7.58.0-2ubuntu3.6_armhf.deb Checksums-Sha256: 4fcf0925b7adba5045684ef2c85293940bc6c1dc807da0ba4c0788f3c1ac85e4 138828 curl-dbgsym_7.58.0-2ubuntu3.6_armhf.ddeb 2ec11f8ed8c8c98c6b9a975500f8f50d6effaa3f0c66415fb7435044b13b917e 11291 curl_7.58.0-2ubuntu3.6_armhf.buildinfo f91f7d478ad4ba164eca553abc16397c890afd91e2aedfaf534098963bf9b9f2 152468 curl_7.58.0-2ubuntu3.6_armhf.deb be3fc5c2652cb9bae87be68a2bd440b5fc6ed028e8bd7d002aac41e3de23d2c0 1254768 libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.6_armhf.ddeb 953f9c6a340c2b41ccbd0c0ac51898163345ea26d12896bb8210dd734569706d 181896 libcurl3-gnutls_7.58.0-2ubuntu3.6_armhf.deb 3129f16d394e62d2c20e4face38da3847b87aecb03813a3eb354e6f036a4a745 1283520 libcurl3-nss-dbgsym_7.58.0-2ubuntu3.6_armhf.ddeb 234b1e1e6b637bb36e3a200d197387c5205ef52fd952764054c2ec015ddf97f5 187764 libcurl3-nss_7.58.0-2ubuntu3.6_armhf.deb bf19d54a39dcbba4f7a851f9d08ada63122ebd679c1e92bc93b5227cdeb14574 1265184 libcurl4-dbgsym_7.58.0-2ubuntu3.6_armhf.ddeb 487e9d533b8c260e719955f6ef6af9c4a9d085e9ec65c6324b4d3d0643408367 269732 libcurl4-gnutls-dev_7.58.0-2ubuntu3.6_armhf.deb 75a1dd149926c649652a3672493afd78defd86b414a690f0a657b70e9bb19fb0 275728 libcurl4-nss-dev_7.58.0-2ubuntu3.6_armhf.deb f5b7beaa000b5f5bc477c95c85c3cf842953fa36db70b7fafd1eeb5f0dfe2819 271144 libcurl4-openssl-dev_7.58.0-2ubuntu3.6_armhf.deb 48ecd327f1e55ce8268d30331ab952f445368751b4baea3a0dc94627af07f480 183128 libcurl4_7.58.0-2ubuntu3.6_armhf.deb Files: e1bcde1f09ece10c2daddca2da535314 138828 debug optional curl-dbgsym_7.58.0-2ubuntu3.6_armhf.ddeb ca1dc7be6b6126bd8ed142eec7f13945 11291 web optional curl_7.58.0-2ubuntu3.6_armhf.buildinfo 970063ef0214064c865cd183defd5fbf 152468 web optional curl_7.58.0-2ubuntu3.6_armhf.deb 406b180218b15dbde0ddd992d07dbdbf 1254768 debug optional libcurl3-gnutls-dbgsym_7.58.0-2ubuntu3.6_armhf.ddeb b1a178a73ec0ae194efe841c39535b6e 181896 libs optional libcurl3-gnutls_7.58.0-2ubuntu3.6_armhf.deb f36da36c0b74e5c3525fe24fd802b365 1283520 debug optional libcurl3-nss-dbgsym_7.58.0-2ubuntu3.6_armhf.ddeb 59f5938fd0003a657f5476e4ebc84a17 187764 libs optional libcurl3-nss_7.58.0-2ubuntu3.6_armhf.deb e53611d00688235f2c2ddb01666fe37e 1265184 debug optional libcurl4-dbgsym_7.58.0-2ubuntu3.6_armhf.ddeb 499fed22f60eb09cbf002a568b4f45cb 269732 libdevel optional libcurl4-gnutls-dev_7.58.0-2ubuntu3.6_armhf.deb 3ef580680a7f90d49c6114f2f92d6d43 275728 libdevel optional libcurl4-nss-dev_7.58.0-2ubuntu3.6_armhf.deb 0ad09e03944d4a21398a8c239d067150 271144 libdevel optional libcurl4-openssl-dev_7.58.0-2ubuntu3.6_armhf.deb 3246435b45562cd79800cff29420469e 183128 libs optional libcurl4_7.58.0-2ubuntu3.6_armhf.deb Original-Maintainer: Alessandro Ghedini