Last commit made on 2019-09-11
Get this branch:
git clone -b applied/ubuntu/disco-security https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this branch.

Recent commits

73b23c9... by Alex Murray on 2019-09-06

Import patches-applied version 7.64.0-2ubuntu1.2 to applied/ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: dccf98ef134849d5f9265d0365db17c3d7aa73a4
Unapplied parent: 2d4adbf84b8cbe16d34bdca4ac5ede5881534776

New changelog entries:
  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482

2d4adbf... by Alex Murray on 2019-09-06

Build with NSS.

Gbp-Pq: 99_nss.patch.

e5b959e... by Alex Murray on 2019-09-06

Build with GnuTLS.

Gbp-Pq: 90_gnutls.patch.

d27e758... by Alex Murray on 2019-09-06

[PATCH] tftp: Alloc maximum blksize, and use default unless OACK is

Gbp-Pq: CVE-2019-5482.patch.

7a2887e... by Alex Murray on 2019-09-06

[PATCH] security:read_data fix bad realloc()

Gbp-Pq: CVE-2019-5481.patch.

0477d98... by Alex Murray on 2019-09-06

[PATCH] tftp: use the current blksize for recvfrom()

Gbp-Pq: CVE-2019-5436.patch.

bb0fc50... by Alex Murray on 2019-09-06

[PATCH] CURL_MAX_INPUT_LENGTH: largest acceptable string input size

Gbp-Pq: CVE-2019-5435.patch.

6565442... by Alex Murray on 2019-09-06

[PATCH] singlesocket: fix the 'sincebefore' placement

Gbp-Pq: 13_singlesocket-fix-the-sincebefore-placement.patch.

26b3366... by Alex Murray on 2019-09-06

Fixes for ZSH completion generator

Gbp-Pq: 12_zsh.patch.

1bc8491... by Alex Murray on 2019-09-06

In order to (partially) multi-arch-ify curl-config, remove all

Gbp-Pq: 11_omit-directories-from-config.patch.