UbuntuUpdates.org

Package "libcurl3"

Name: libcurl3

Description:

Multi-protocol file transfer library (OpenSSL)

Latest version: 7.22.0-3ubuntu4.29
Release: precise (12.04)
Level: updates
Repository: main
Head package: curl
Homepage: http://curl.haxx.se


Other versions of "libcurl3" in Precise

Repository Area Version
base main 7.22.0-3ubuntu4
security main 7.22.0-3ubuntu4.29

Changelog

Version: 7.22.0-3ubuntu4.12 2015-01-15 16:07:45 UTC

  curl (7.22.0-3ubuntu4.12) precise-security; urgency=medium

  * SECURITY UPDATE: URL request injection
    - debian/patches/CVE-2014-8150.patch: drop bad chars from URL in
      lib/url.c.
    - CVE-2014-8150
 -- Marc Deslauriers <email address hidden> Wed, 14 Jan 2015 08:51:55 -0500

Source diff to previous version
CVE-2014-8150 URL request injection

Version: 7.22.0-3ubuntu4.11 2014-11-10 16:06:39 UTC

  curl (7.22.0-3ubuntu4.11) precise-security; urgency=medium

  * SECURITY UPDATE: sensitive data disclosure via duphandle read out of
    bounds
    - debian/patches/CVE-2014-3707.patch: properly copy memory area in
      lib/formdata.c, lib/strdup.{c,h}, lib/url.c, lib/urldata.h,
      src/Makefile.inc.
    - CVE-2014-3707
 -- Marc Deslauriers <email address hidden> Thu, 06 Nov 2014 12:03:12 -0500

Source diff to previous version
CVE-2014-3707 duphandle read out of bounds

Version: 7.22.0-3ubuntu4.10 2014-09-15 14:06:51 UTC

  curl (7.22.0-3ubuntu4.10) precise-security; urgency=medium

  * SECURITY UPDATE: incorrect cookie handling via partial literal IP
    addresses
    - debian/patches/CVE-2014-3613.patch: only use full host matches for
      hosts used as IP address in lib/cookie.c, added tests to
      tests/data/test1105, tests/data/test31, tests/data/test8.
    - CVE-2014-3613
 -- Marc Deslauriers <email address hidden> Fri, 12 Sep 2014 08:39:14 -0400

Source diff to previous version
CVE-2014-3613 libcurl cookie leak with IP address as domain

Version: 7.22.0-3ubuntu4.8 2014-04-14 20:07:13 UTC

  curl (7.22.0-3ubuntu4.8) precise-security; urgency=medium

  * SECURITY UPDATE: wrong re-use of connections
    - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
      HTTP logic, and extend new connection logic to other protocols in
      lib/http.c, lib/url.c, lib/urldata.h, add new tests to
      tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
    - CVE-2014-0138
  * SECURITY UPDATE: incorrect wildcard SSL certificate validation with
    literal IP addresses
    - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
      lib/ssluse.c.
    - CVE-2014-0139
  * debian/patches/fix_test172.path: fix expired cookie causing test to
    fail.
  * debian/patches/disable_test519.path: disable test 519 as security
    update causes it to hang. Fixing this would require backporting new
    logic into tests/server/sws.c.
 -- Marc Deslauriers <email address hidden> Tue, 01 Apr 2014 17:02:01 -0400

Source diff to previous version
CVE-2014-0138 libcurl wrong re-use of connections
CVE-2014-0139 libcurl IP address wildcard certificate validation

Version: 7.22.0-3ubuntu4.7 2014-02-04 00:06:23 UTC

  curl (7.22.0-3ubuntu4.7) precise-security; urgency=medium

  * SECURITY UPDATE: information disclosure via incorrect NTLM credential
    reuse
    - debian/patches/CVE-2014-0015.patch: don't reuse connections if NTLM
      auth is used in lib/url.c.
    - CVE-2014-0015
 -- Marc Deslauriers <email address hidden> Fri, 31 Jan 2014 08:35:16 -0500
