Package "curl"

Name: curl


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • easy-to-use client-side URL transfer library (NSS flavour)
  • development files and documentation for libcurl (NSS flavour)

Latest version: 7.88.1-8ubuntu2.4
Release: lunar (23.04)
Level: updates
Repository: universe


Other versions of "curl" in Lunar

Repository Area Version
base main 7.88.1-8ubuntu1
base universe 7.88.1-8ubuntu1
security main 7.88.1-8ubuntu2.4
security universe 7.88.1-8ubuntu2.4
updates main 7.88.1-8ubuntu2.4

Packages in group

Deleted packages are displayed in grey.


Version: 7.88.1-8ubuntu2.4 2023-12-06 15:07:00 UTC

  curl (7.88.1-8ubuntu2.4) lunar-security; urgency=medium

  * SECURITY UPDATE: cookie mixed case PSL bypass
    - debian/patches/CVE-2023-46218.patch: lowercase the domain names
      before PSL checks in lib/cookie.c.
    - CVE-2023-46218
  * SECURITY UPDATE: HSTS long file name clears contents
    - debian/patches/CVE-2023-46219.patch: create short(er) temporary file
      name in lib/fopen.c.
    - CVE-2023-46219

 -- Marc Deslauriers <email address hidden> Wed, 29 Nov 2023 14:21:53 -0500

Source diff to previous version
CVE-2023-46218 curl: cookie mixed case PSL bypass
CVE-2023-46219 curl: HSTS long file name clears contents

Version: 7.88.1-8ubuntu2.3 2023-10-11 14:06:50 UTC

  curl (7.88.1-8ubuntu2.3) lunar-security; urgency=medium

  * SECURITY UPDATE: SOCKS5 heap buffer overflow
    - debian/patches/CVE-2023-38545.patch: return error if hostname too
      long for remote resolve in lib/socks.c, tests/data/Makefile.inc,
    - CVE-2023-38545
  * SECURITY UPDATE: cookie injection with none file
    - debian/patches/CVE-2023-38546.patch: remove unnecessary struct fields
      in lib/cookie.c, lib/cookie.h, lib/easy.c.
    - CVE-2023-38546

 -- Marc Deslauriers <email address hidden> Tue, 03 Oct 2023 11:22:25 -0400

Source diff to previous version

Version: 7.88.1-8ubuntu2.2 2023-09-13 14:08:52 UTC

  curl (7.88.1-8ubuntu2.2) lunar-security; urgency=medium

  * SECURITY UPDATE: HTTP headers eat all memory
    - debian/patches/CVE-2023-38039.patch: return error when receiving too
      large header set in lib/c-hyper.c, lib/http_proxy.c, lib/http.c,
      lib/http.h, lib/pingpong.c, lib/urldata.h.
    - CVE-2023-38039

 -- Marc Deslauriers <email address hidden> Mon, 11 Sep 2023 09:09:46 -0400

Source diff to previous version

Version: 7.88.1-8ubuntu2.1 2023-07-19 15:07:13 UTC

  curl (7.88.1-8ubuntu2.1) lunar-security; urgency=medium

  * SECURITY UPDATE: improper certificate validation vulnerability
    - debian/patches/CVE-2023-28321.patch: fix host name wildcard checking
      in lib/vtls/hostcheck.c, tests/data/test1397, tests/unit/unit1397.c.
    - CVE-2023-28321
  * SECURITY UPDATE: information disclosure vulnerability
    - debian/patches/CVE-2023-28322.patch: unify the upload/method handling
      in lib/curl_rtmp.c, lib/file.c, lib/ftp.c, lib/http.c, lib/imap.c,
      lib/rtsp.c, lib/setopt.c, lib/smb.c, lib/smtp.c, lib/tftp.c,
      lib/transfer.c, lib/urldata.h, lib/vssh/libssh.c, lib/vssh/libssh2.c,
    - CVE-2023-28322
  * SECURITY UPDATE: fopen race condition
    - debian/patches/CVE-2023-32001.patch: fix race in lib/fopen.c.
    - CVE-2023-32001

 -- Marc Deslauriers <email address hidden> Mon, 17 Jul 2023 07:53:10 -0400

Source diff to previous version
CVE-2023-28321 An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject
CVE-2023-28322 An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOP

Version: 7.88.1-8ubuntu2 2023-05-25 21:07:01 UTC

  curl (7.88.1-8ubuntu2) lunar; urgency=medium

  * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch:
    Don't prepend "nss" when opening libnssckbi.so. Rename definition
    to _DEB_TARGET_ARCH. (LP: #2016439)
  * d/rules: Declare DEB_TARGET_MULTIARCH. Rename definition to

 -- Sergio Durigan Junior <email address hidden> Thu, 20 Apr 2023 17:30:44 -0400

2016439 Regression finding system certificates

About   -   Send Feedback to @ubuntu_updates