Last commit made on 2019-09-11
Get this branch:
git clone -b applied/ubuntu/bionic-updates https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

25e37f1... by Alex Murray on 2019-09-06

Import patches-applied version 7.58.0-2ubuntu3.8 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 298b3763eb258451e747906512dfe977363ff474
Unapplied parent: c62981b29b64fa1154be20ef4773f0e2ae432502

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

c62981b... by Alex Murray on 2019-09-06

Build with NSS.

Gbp-Pq: 99_nss.patch.

6610366... by Alex Murray on 2019-09-06

Build with GnuTLS.

Gbp-Pq: 90_gnutls.patch.

acb8ed9... by Alex Murray on 2019-09-06

[PATCH] tftp: Alloc maximum blksize, and use default unless OACK is

Gbp-Pq: CVE-2019-5482.patch.

673f022... by Alex Murray on 2019-09-06

[PATCH] security:read_data fix bad realloc()

Gbp-Pq: CVE-2019-5481.patch.

8b45e77... by Alex Murray on 2019-09-06

[PATCH] tftp: use the current blksize for recvfrom()

Gbp-Pq: CVE-2019-5436.patch.

06a07a2... by Alex Murray on 2019-09-06

[PATCH 3/3] smtp: avoid risk of buffer overflow in strtol

Gbp-Pq: CVE-2019-3823.patch.

0aaeae9... by Alex Murray on 2019-09-06

[PATCH 2/3] ntlm: fix *_type3_message size check to avoid buffer

Gbp-Pq: CVE-2019-3822.patch.

fef87ca... by Alex Murray on 2019-09-06

[PATCH 1/3] NTLM: fix size check condition for type2 received data

Gbp-Pq: CVE-2018-16890.patch.

d147f3b... by Alex Murray on 2019-09-06

[PATCH] voutf: fix bad arethmetic when outputting warnings to stderr

Gbp-Pq: oob-read.patch.