ubuntu/+source/curl:applied/ubuntu/zesty-devel

Last commit made on 2017-11-29
Get this branch:
git clone -b applied/ubuntu/zesty-devel https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/zesty-devel
Repository:
lp:ubuntu/+source/curl

Recent commits

c806017... by Marc Deslauriers on 2017-11-28

Import patches-applied version 7.52.1-4ubuntu1.4 to applied/ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 1ef5bc970468bc01e9c132f84c67e24cea353b11
Unapplied parent: 26f282a1ab0fadf79d176f51ece76eed7af46e4c

New changelog entries:
  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

26f282a... by Marc Deslauriers on 2017-11-28

Build with NSS.

Gbp-Pq: 99_nss.patch.

9f1009d... by Marc Deslauriers on 2017-11-28

Build with GnuTLS.

Gbp-Pq: 90_gnutls.patch.

83ee2a9... by Marc Deslauriers on 2017-11-28

[PATCH] wildcardmatch: fix heap buffer overflow in setcharset

Gbp-Pq: CVE-2017-8817.patch.

318225a... by Marc Deslauriers on 2017-11-28

[PATCH] ntlm: avoid integer overflow for malloc size

Gbp-Pq: CVE-2017-8816.patch.

802a5de... by Marc Deslauriers on 2017-11-28

[PATCH] imap: if a FETCH response has no size, don't call write

Gbp-Pq: CVE-2017-1000257.patch.

3b0c20b... by Marc Deslauriers on 2017-11-28

[PATCH] curl: check for end of input in writeout backslash handling

Gbp-Pq: CVE-2017-7407-2.patch.

b84fe0a... by Marc Deslauriers on 2017-11-28

[PATCH] FTP: zero terminate the entry path even on bad input

Gbp-Pq: CVE-2017-1000254.patch.

75c8349... by Marc Deslauriers on 2017-11-28

[PATCH] glob: do not continue parsing after a strtoul() overflow

Gbp-Pq: CVE-2017-1000101.patch.

2f3068c... by Marc Deslauriers on 2017-11-28

[PATCH] tftp: reject file name lengths that don't fit

Gbp-Pq: CVE-2017-1000100.patch.