UbuntuUpdates.org

Package "curl"

Name: curl

Description:

command line tool for transferring data with URL syntax

Latest version: 7.35.0-1ubuntu2
Release: trusty (14.04)
Level: base
Repository: main
Homepage: http://curl.haxx.se

Links


Download "curl"


Other versions of "curl" in Trusty

Repository Area Version
security main 7.35.0-1ubuntu2.20
updates main 7.35.0-1ubuntu2.20

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 7.35.0-1ubuntu2 2014-04-01 19:07:05 UTC

  curl (7.35.0-1ubuntu2) trusty; urgency=medium

  * SECURITY UPDATE: wrong re-use of connections
    - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
      HTTP logic, and extend new connection logic to other protocols in
      lib/http.c, lib/url.c, lib/urldata.h, add new tests to
      tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
    - CVE-2014-0138
  * SECURITY UPDATE: incorrect wildcard SSL certificate validation with
    literal IP addresses
    - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
      lib/hostcheck.c, added tests to tests/data/Makefile.am,
      tests/data/test1397, tests/unit/Makefile.inc, tests/unit/unit1397.c.
    - CVE-2014-0139
  * debian/patches/fix_test172.path: fix expired cookie causing test to
    fail.
 -- Marc Deslauriers <email address hidden> Tue, 01 Apr 2014 09:25:23 -0400

CVE-2014-0138 libcurl wrong re-use of connections
CVE-2014-0139 libcurl IP address wildcard certificate validation



About   -   Send Feedback to @ubuntu_updates