UbuntuUpdates.org

Package "libcurl3-nss"

Name: libcurl3-nss

Description:

easy-to-use client-side URL transfer library (NSS flavour)

Latest version: 8.2.1-1ubuntu3.3
Release: mantic (23.10)
Level: updates
Repository: universe
Head package: curl
Homepage: https://curl.se/

Other versions of "libcurl3-nss" in Mantic

Repository   Area       Version
base         universe   8.2.1-1ubuntu3
security     universe   8.2.1-1ubuntu3.3

Changelog

Version: 8.2.1-1ubuntu3.3 2024-03-27 17:07:06 UTC

  curl (8.2.1-1ubuntu3.3) mantic-security; urgency=medium

  * SECURITY UPDATE: Usage of disabled protocol
    - debian/patches/CVE-2024-2004.patch: fix disabling all protocols in
      lib/setopt.c, tests/data/Makefile.inc, tests/data/test1474.
    - CVE-2024-2004
  * SECURITY UPDATE: HTTP/2 push headers memory-leak
    - debian/patches/CVE-2024-2398.patch: push headers better cleanup in
      lib/http2.c.
    - CVE-2024-2398
  * debian/patches/fix_expired_test.patch: update cookie expiry dates to
    far in the future to fix expired date in tests/data/test420.

 -- Marc Deslauriers <email address hidden> Tue, 19 Mar 2024 07:56:43 -0400

CVE-2024-2004 Usage of disabled protocol
CVE-2024-2398 HTTP/2 push headers memory-leak

Version: 8.2.1-1ubuntu3.2 2023-12-06 15:07:01 UTC

  curl (8.2.1-1ubuntu3.2) mantic-security; urgency=medium

  * SECURITY UPDATE: cookie mixed case PSL bypass
    - debian/patches/CVE-2023-46218.patch: lowercase the domain names
      before PSL checks in lib/cookie.c.
    - CVE-2023-46218
  * SECURITY UPDATE: HSTS long file name clears contents
    - debian/patches/CVE-2023-46219.patch: create short(er) temporary file
      name in lib/fopen.c.
    - CVE-2023-46219

 -- Marc Deslauriers <email address hidden> Wed, 29 Nov 2023 14:13:09 -0500

CVE-2023-46218 curl: cookie mixed case PSL bypass
CVE-2023-46219 curl: HSTS long file name clears contents

Version: 8.2.1-1ubuntu3.1 2023-10-17 14:07:06 UTC

  curl (8.2.1-1ubuntu3.1) mantic-security; urgency=medium

  * SECURITY UPDATE: SOCKS5 heap buffer overflow
    - debian/patches/CVE-2023-38545.patch: return error if hostname too
      long for remote resolve in lib/socks.c, tests/data/Makefile.inc,
      tests/data/test728.
    - CVE-2023-38545
  * SECURITY UPDATE: cookie injection with none file
    - debian/patches/CVE-2023-38546.patch: remove unnecessary struct fields
      in lib/cookie.c, lib/cookie.h, lib/easy.c.
    - CVE-2023-38546

 -- Marc Deslauriers <email address hidden> Tue, 03 Oct 2023 20:03:05 -0400



