ubuntu/+source/curl:debian/stretch

Last commit made on 2019-02-16
Get this branch:
git clone -b debian/stretch https://git.launchpad.net/ubuntu/+source/curl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
debian/stretch
Repository:
lp:ubuntu/+source/curl

Recent commits

db13a04... by Alessandro Ghedini on 2019-02-04

Import patches-unapplied version 7.52.1-5+deb9u9 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 8e86840b3ef698de552c67f3a4711b949fd87130

New changelog entries:
  * Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
    https://curl.haxx.se/docs/CVE-2018-16890.html
  * Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
    https://curl.haxx.se/docs/CVE-2019-3822.html
  * Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
    https://curl.haxx.se/docs/CVE-2019-3823.html

8e86840... by Alessandro Ghedini on 2018-10-30

Import patches-unapplied version 7.52.1-5+deb9u8 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: fabfc76e8299dd12d53c78daa4318bbe84f1386b

New changelog entries:
  * Fix SASL password overflow via integer overflow as per CVE-2018-16839
    https://curl.haxx.se/docs/CVE-2018-16839.html
  * Fix warning message out-of-buffer read as per CVE-2018-16842
    https://curl.haxx.se/docs/CVE-2018-16842.html
  * Fix NTLM password overflow via integer overflow as per CVE-2018-14618
    https://curl.haxx.se/docs/CVE-2018-14618.html

fabfc76... by Alessandro Ghedini on 2018-05-15

Import patches-unapplied version 7.52.1-5+deb9u6 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: e19836ee342349b0c93424f8e701014e3aa8f3a3

New changelog entries:
  * Fix heap buffer over-read when parsing bad RTSP headers
    as per CVE-2018-1000301
    https://curl.haxx.se/docs/adv_2018-b138.html
  * Fix NIL byte out of bounds write due to FTP path trickery
    as per CVE-2018-1000120
    https://curl.haxx.se/docs/adv_2018-9cd6.html
  * Fix LDAP NULL pointer dereference as per CVE-2018-1000121
    https://curl.haxx.se/docs/adv_2018-97a2.html
  * Fix RTSP RTP buffer over-read as per CVE-2018-1000122
    https://curl.haxx.se/docs/adv_2018-b047.html

e19836e... by Alessandro Ghedini on 2018-01-23

Import patches-unapplied version 7.52.1-5+deb9u4 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 3b3b7e229242c84d113795e1074bf519eb8e7250

New changelog entries:
  * Fix HTTP/2 trailer out-of-bounds read as per CVE-2018-1000005
    https://curl.haxx.se/docs/adv_2018-824a.html
  * Fix HTTP authentication leak in redirects as per CVE-2018-1000007
    https://curl.haxx.se/docs/adv_2018-b3bf.html

3b3b7e2... by Yves-Alexis Perez on 2017-11-26

Import patches-unapplied version 7.52.1-5+deb9u3 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 4351b6803570cab64e28b6dc27b17a3ae74bfceb

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816
    https://curl.haxx.se/docs/adv_2017-11e7.html
  * Fix FTP wildcard out of bounds read as per CVE-2017-8817
    https://curl.haxx.se/docs/adv_2017-ae72.html
  * Fix IMAP FETCH response out of bounds read as per CVE-2017-1000257
    https://curl.haxx.se/docs/adv_20171023.html
  * Fix TFTP sends more than buffer size as per CVE-2017-1000100
    https://curl.haxx.se/docs/adv_20170809B.html
  * Fix URL globbing out of bounds read as per CVE-2017-1000101
    https://curl.haxx.se/docs/adv_20170809A.html
  * Fix FTP PWD response parser out of bounds read as per CVE-2017-1000254
    https://curl.haxx.se/docs/adv_20171004.html

4351b68... by Alessandro Ghedini on 2017-04-19

Import patches-unapplied version 7.52.1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: dd837796fb533d4d814394d9f0851edbf065386b

New changelog entries:
  * Fix TLS session resumption client cert bypass as per CVE-2017-7468
    https://curl.haxx.se/docs/adv_20170419.html

dd83779... by Alessandro Ghedini on 2017-04-08

Import patches-unapplied version 7.52.1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2919bea5483dd62172975384d3da1ce4ff50d86b

New changelog entries:
  * Fix regression in CONNECT response handling (Closes: #857613)
  * Fix buffer read overrun on --write-out as per CVE-2017-7407
    https://curl.haxx.se/docs/adv_20170403.html (Closes: #859500)

2919bea... by Alessandro Ghedini on 2017-02-21

Import patches-unapplied version 7.52.1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4eeb0572ddc390c50cde0b831b99f8c367d5ab29

New changelog entries:
  * Make SSL_VERIFYSTATUS work again as per CVE-2017-2629
    https://curl.haxx.se/docs/adv_20170222.html

4eeb057... by Alessandro Ghedini on 2017-01-29

Import patches-unapplied version 7.52.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1c9418b78e159b6f66fb9553f7e1b3e56f3c0943

New changelog entries:
  * Fix HTTPS connection timeout with OpenSSL (Closes: #852317)

1c9418b... by Alessandro Ghedini on 2017-01-12

Import patches-unapplied version 7.52.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 761b2a090edddb86ec3104e30714bf721dbd30be

New changelog entries:
  * New upstream release
    - Fix printf floating point buffer overflow as per CVE-2016-9586
      (Closes: #848958)
  * B-D on "libssl1.0-dev | libssl-dev (<< 1.1)" (Closes: #850880, #844018)
  * Another attempt at making -dev packages multi-arch.
    Thanks to Benjamin Moody for the patches. (Closes: #731998, #846360)
  * Enable support for PSL (Closes: #847958)
  * Re-enable support for IDN (Closes: #849539)
  * Drop 10_disable-network-tests.patch.
    It didn't really work, and the issue is not urgent.
  * Switch curl binary back to libcurl3/OpenSSL.
    While the GnuTLS flavour mostly worked fine, there are a bunch of features
    that are not implemented.