Package "libcurl3"

Name: libcurl3


easy-to-use client-side URL transfer library (OpenSSL flavour)

Latest version: 7.35.0-1ubuntu2
Release: trusty (14.04)
Level: base
Repository: main
Head package: curl
Homepage: http://curl.haxx.se


Download "libcurl3"

Other versions of "libcurl3" in Trusty

Repository Area Version
security main 7.35.0-1ubuntu2.20
updates main 7.35.0-1ubuntu2.20


Version: 7.35.0-1ubuntu2 2014-04-01 19:07:05 UTC

  curl (7.35.0-1ubuntu2) trusty; urgency=medium

  * SECURITY UPDATE: wrong re-use of connections
    - debian/patches/CVE-2014-0138.patch: fix possible issues with NTLM
      HTTP logic, and extend new connection logic to other protocols in
      lib/http.c, lib/url.c, lib/urldata.h, add new tests to
      tests/data/Makefile.am, tests/data/test1418, tests/data/test1419.
    - CVE-2014-0138
  * SECURITY UPDATE: incorrect wildcard SSL certificate validation with
    literal IP addresses
    - debian/patches/CVE-2014-0139.patch: fix wildcard logic in
      lib/hostcheck.c, added tests to tests/data/Makefile.am,
      tests/data/test1397, tests/unit/Makefile.inc, tests/unit/unit1397.c.
    - CVE-2014-0139
  * debian/patches/fix_test172.path: fix expired cookie causing test to
 -- Marc Deslauriers <email address hidden> Tue, 01 Apr 2014 09:25:23 -0400

CVE-2014-0138 libcurl wrong re-use of connections
CVE-2014-0139 libcurl IP address wildcard certificate validation

About   -   Send Feedback to @ubuntu_updates