ubuntu/+source/curl:debian/jessie

Last commit made on 2018-06-23
Get this branch:
git clone -b debian/jessie https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: debian/jessie
Repository: lp:ubuntu/+source/curl

Recent commits

18a9fd3... by Alessandro Ghedini on 2018-05-15

Import patches-unapplied version 7.38.0-4+deb8u11 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: d0b32955476198b6eb5cf4535e2ab8663725ef56

New changelog entries:
  * Fix heap buffer over-read when parsing bad RTSP headers
    as per CVE-2018-1000301
    https://curl.haxx.se/docs/adv_2018-b138.html
  * Fix NIL byte out of bounds write due to FTP path trickery
    as per CVE-2018-1000120
    https://curl.haxx.se/docs/adv_2018-9cd6.html
  * Fix LDAP NULL pointer dereference as per CVE-2018-1000121
    https://curl.haxx.se/docs/adv_2018-97a2.html
  * Fix RTSP RTP buffer over-read as per CVE-2018-1000122
    https://curl.haxx.se/docs/adv_2018-b047.html
  * Fix HTTP authentication leak in redirects as per CVE-2018-1000007
    https://curl.haxx.se/docs/adv_2018-b3bf.html

d0b3295... by Yves-Alexis Perez on 2017-11-25

Import patches-unapplied version 7.38.0-4+deb8u8 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: ce405b54f3cfe8c073e086109d11835dee71e154

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816
    https://curl.haxx.se/docs/adv_2017-11e7.html
  * Fix FTP wildcard out of bounds read as per CVE-2017-8817
    https://curl.haxx.se/docs/adv_2017-ae72.html
  * Fix IMAP FETCH response out of bounds read as per CVE-2017-1000257
    https://curl.haxx.se/docs/adv_20171023.html
  * Fix TFTP sends more than buffer size as per CVE-2017-1000100
    https://curl.haxx.se/docs/adv_20170809B.html
  * Fix URL globbing out of bounds read as per CVE-2017-1000101
    https://curl.haxx.se/docs/adv_20170809A.html
  * Fix FTP PWD response parser out of bounds read as per CVE-2017-1000254
    https://curl.haxx.se/docs/adv_20171004.html

ce405b5... by Alessandro Ghedini on 2016-11-01

Import patches-unapplied version 7.38.0-4+deb8u5 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 2f14991486e4b56d20e9823dc787bac2e47439dc

New changelog entries:
  * Fix cookie injection for other servers as per CVE-2016-8615
    https://curl.haxx.se/docs/adv_20161102A.html
  * Fix case insensitive password comparison as per CVE-2016-8616
    https://curl.haxx.se/docs/adv_20161102B.html
  * Fix OOB write via unchecked multiplication as per CVE-2016-8617
    https://curl.haxx.se/docs/adv_20161102C.html
  * Fix double-free in curl_maprintf as per CVE-2016-8618
    https://curl.haxx.se/docs/adv_20161102D.html
  * Fix double-free in krb5 code as per CVE-2016-8619
    https://curl.haxx.se/docs/adv_20161102E.html
  * Fix glob parser write/read out of bounds as per CVE-2016-8620
    https://curl.haxx.se/docs/adv_20161102F.html
  * Fix curl_getdate read out of bounds as per CVE-2016-8621
    https://curl.haxx.se/docs/adv_20161102G.html
  * Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622
    https://curl.haxx.se/docs/adv_20161102H.html
  * Fix use-after-free via shared cookies as per CVE-2016-8623
    https://curl.haxx.se/docs/adv_20161102I.html
  * Fix invalid URL parsing with '#' as per CVE-2016-8624
    https://curl.haxx.se/docs/adv_20161102J.html

2f14991... by Alessandro Ghedini on 2016-08-01

Import patches-unapplied version 7.38.0-4+deb8u4 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: fb04f7e3c937ea126204e0db7c12e314ae7100cf

New changelog entries:
  * Fix TLS session resumption client cert bypass as per CVE-2016-5419
    https://curl.haxx.se/docs/adv_20160803A.html
  * Fix re-using connection with wrong client cert as per CVE-2016-5420
    https://curl.haxx.se/docs/adv_20160803B.html
  * Fix use of connection struct after free as per CVE-2016-5421
    https://curl.haxx.se/docs/adv_20160803C.html

fb04f7e... by Alessandro Ghedini on 2016-01-26

Import patches-unapplied version 7.38.0-4+deb8u3 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: aaabd8020e402106e051a0d0fee69c5f972c2193

New changelog entries:
  * Fix NTLM credentials not-checked for proxy connection re-use
    as per CVE-2016-0755
    http://curl.haxx.se/docs/adv_20160127A.htm

aaabd80... by Alessandro Ghedini on 2015-04-29

Import patches-unapplied version 7.38.0-4+deb8u2 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 304c0330a7f8dec2595cead2feb0d42915368ba5

New changelog entries:
  * Don't send sensitive HTTP server headers to proxies as per CVE-2015-3153
    http://curl.haxx.se/docs/adv_20150429.html
  * Fix re-using authenticated connection when unauthenticated
    as per CVE-2015-3143
    http://curl.haxx.se/docs/adv_20150422A.html
  * Fix host name out of boundary memory access as per CVE-2015-3144
    http://curl.haxx.se/docs/adv_20150422D.html
  * Fix cookie parser out of boundary memory access as per CVE-2015-3145
    http://curl.haxx.se/docs/adv_20150422C.html
  * Fix Negotiate not treated as connection-oriented as per CVE-2015-3148
    http://curl.haxx.se/docs/adv_20150422B.html

304c033... by Alessandro Ghedini on 2015-01-08

Import patches-unapplied version 7.38.0-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 27428aec2e1027fec539759430b9df92b4944f57

New changelog entries:
  * Fix URL request injection vulnerability as per CVE-2014-8150
    http://curl.haxx.se/docs/adv_20150108B.html
  * Set urgency=high accordingly

27428ae... by Alessandro Ghedini on 2014-11-06

Import patches-unapplied version 7.38.0-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 232d4c07b10916a5537e19438ce5a7e7e469a230

New changelog entries:
  * Enable all hardening options (Closes: #763372)
  * Fix duphandle read out of bounds as per CVE-2014-3707
    http://curl.haxx.se/docs/adv_20141105.html
  * Set urgency=high accordingly

232d4c0... by Alessandro Ghedini on 2014-09-23

Import patches-unapplied version 7.38.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f58c3150937124e41628bf01244aa2e9f46a00ad

New changelog entries:
  * Check for libtoolize instead of libtool during build.
    Thanks to Helmut Grohne for the patch (Closes: #761740)
  * Add README.source note regarding ordering of patches (Closes: #762193)
  * Add 10_fix-resolver.patch from upstream (Closes: #762014)

f58c315... by Alessandro Ghedini on 2014-09-10

Import patches-unapplied version 7.38.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: efb0b22663c2317f40e8dcb5be6362632c0a4283

New changelog entries:
  * New upstream release
    - Only use full host matches for hosts used as IP address
      as per CVE-2014-3613
      http://curl.haxx.se/docs/adv_20140910A.html
    - Reject incoming cookies set for TLDs as per CVE-2014-3620
      http://curl.haxx.se/docs/adv_20140910B.html
  * Drop 08_link-curl-to-nss.patch (merged upstream)
  * Refresh patches
  * Fix wildcard-matches-nothing-in-dep5-copyright
  * Add 08_fix-spelling.patch