UbuntuUpdates.org

Package "libcurl4-gnutls-dev"

Name: libcurl4-gnutls-dev

Description:

development files and documentation for libcurl (GnuTLS flavour)

Latest version: 7.81.0-1ubuntu1.16
Release: jammy (22.04)
Level: security
Repository: main
Head package: curl
Homepage: https://curl.haxx.se

Links


Download "libcurl4-gnutls-dev"


Other versions of "libcurl4-gnutls-dev" in Jammy

Repository Area Version
base main 7.81.0-1
updates main 7.81.0-1ubuntu1.16

Changelog

Version: 7.81.0-1ubuntu1.16 2024-03-27 14:06:52 UTC

  curl (7.81.0-1ubuntu1.16) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 push headers memory-leak
    - debian/patches/CVE-2024-2398.patch: push headers better cleanup in
      lib/http2.c.
    - CVE-2024-2398

 -- Marc Deslauriers <email address hidden> Tue, 19 Mar 2024 08:16:19 -0400

Source diff to previous version
CVE-2024-2398 HTTP/2 push headers memory-leak

Version: 7.81.0-1ubuntu1.15 2023-12-06 14:06:56 UTC

  curl (7.81.0-1ubuntu1.15) jammy-security; urgency=medium

  * SECURITY UPDATE: cookie mixed case PSL bypass
    - debian/patches/CVE-2023-46218.patch: lowercase the domain names
      before PSL checks in lib/cookie.c.
    - CVE-2023-46218

 -- Marc Deslauriers <email address hidden> Wed, 29 Nov 2023 14:23:00 -0500

Source diff to previous version
CVE-2023-46218 curl: cookie mixed case PSL bypass

Version: 7.81.0-1ubuntu1.14 2023-10-11 13:06:52 UTC

  curl (7.81.0-1ubuntu1.14) jammy-security; urgency=medium

  * SECURITY UPDATE: SOCKS5 heap buffer overflow
    - debian/patches/CVE-2023-38545.patch: return error if hostname too
      long for remote resolve in lib/socks.c, tests/data/Makefile.inc,
      tests/data/test728.
    - CVE-2023-38545
  * SECURITY UPDATE: cookie injection with none file
    - debian/patches/CVE-2023-38546.patch: remove unnecessary struct fields
      in lib/cookie.c, lib/cookie.h, lib/easy.c.
    - CVE-2023-38546

 -- Marc Deslauriers <email address hidden> Tue, 03 Oct 2023 13:15:41 -0400

Source diff to previous version

Version: 7.81.0-1ubuntu1.13 2023-07-19 20:07:01 UTC

  curl (7.81.0-1ubuntu1.13) jammy-security; urgency=medium

  * SECURITY REGRESSION: broken ssl cert wildcard handling (LP: #2028170)
    - debian/patches/CVE-2023-28321.patch: fix missing line in backport.

 -- Marc Deslauriers <email address hidden> Wed, 19 Jul 2023 12:23:36 -0400

Source diff to previous version
2028170 curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name
CVE-2023-28321 An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject

Version: 7.81.0-1ubuntu1.11 2023-07-19 13:07:17 UTC

  curl (7.81.0-1ubuntu1.11) jammy-security; urgency=medium

  * SECURITY UPDATE: improper certificate validation vulnerability
    - debian/patches/CVE-2023-28321.patch: fix host name wildcard checking
      in lib/hostcheck.c, tests/data/test1397, tests/unit/unit1397.c.
    - CVE-2023-28321
  * SECURITY UPDATE: information disclosure vulnerability
    - debian/patches/CVE-2023-28322.patch: unify the upload/method handling
      in lib/curl_rtmp.c, lib/file.c, lib/ftp.c, lib/http.c, lib/imap.c,
      lib/rtsp.c, lib/setopt.c, lib/smb.c, lib/smtp.c, lib/tftp.c,
      lib/transfer.c, lib/urldata.h, lib/vssh/libssh.c, lib/vssh/libssh2.c,
      lib/vssh/wolfssh.c.
    - CVE-2023-28322

 -- Marc Deslauriers <email address hidden> Mon, 17 Jul 2023 10:25:41 -0400

CVE-2023-28321 An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject
CVE-2023-28322 An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOP



About   -   Send Feedback to @ubuntu_updates