Package "libcurl4-doc"
Name: libcurl4-doc
Description: documentation for libcurl
Latest version: 7.35.0-1ubuntu2.20
Release: trusty (14.04)
Level: updates
Repository: main
Head package: curl
Homepage: http://curl.haxx.se
Changelog
curl (7.35.0-1ubuntu2.14) trusty-security; urgency=medium
* SECURITY UPDATE: leak authentication data
- debian/patches/CVE-2018-1000007.patch: prevent custom
authorization headers in redirects in lib/http.c,
lib/url.c, lib/urldata.h, tests/data/Makefile.in,
tests/data/test317, tests/data/test318.
- CVE-2018-1000007
-- <email address hidden> (Leonidas S. Barbosa) Mon, 29 Jan 2018 17:53:40 -0300
curl (7.35.0-1ubuntu2.13) trusty-security; urgency=medium
* SECURITY UPDATE: FTP wildcard out of bounds read
- debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
setcharset in lib/curl_fnmatch.c, added tests to
tests/data/Makefile.am, tests/data/test1163.
- CVE-2017-8817
-- Marc Deslauriers <email address hidden> Tue, 28 Nov 2017 08:05:35 -0500
curl (7.35.0-1ubuntu2.12) trusty-security; urgency=medium
* SECURITY UPDATE: IMAP FETCH response out of bounds read
- debian/patches/CVE-2017-1000257.patch: check size in lib/imap.c.
- CVE-2017-1000257
-- Marc Deslauriers <email address hidden> Tue, 17 Oct 2017 13:54:46 -0400
CVE-2017-10002: Vulnerability in the Oracle Hospitality Inventory Management component of Oracle Hospitality Applications (subcomponent: Settings and Config). Suppor
curl (7.35.0-1ubuntu2.11) trusty-security; urgency=medium
* SECURITY UPDATE: printf floating point buffer overflow
- debian/patches/CVE-2016-9586.patch: fix floating point buffer
overflow issues in lib/mprintf.c, added test to tests/data/test557,
tests/libtest/lib557.c.
- CVE-2016-9586
* SECURITY UPDATE: TFTP sends more than buffer size
- debian/patches/CVE-2017-1000100.patch: reject file name lengths that
don't fit in lib/tftp.c.
- CVE-2017-1000100
* SECURITY UPDATE: URL globbing out of bounds read
- debian/patches/CVE-2017-1000101.patch: do not continue parsing after
a strtoul() overflow range in src/tool_urlglob.c, added test to
tests/data/Makefile.am, tests/data/test1289.
- CVE-2017-1000101
* SECURITY UPDATE: FTP PWD response parser out of bounds read
- debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
even on bad input in lib/ftp.c, added test to
tests/data/Makefile.am, tests/data/test1152.
- CVE-2017-1000254
* SECURITY UPDATE: --write-out out of buffer read
- debian/patches/CVE-2017-7407-1.patch: fix a buffer read overrun in
src/tool_writeout.c added test to tests/data/Makefile.am,
tests/data/test1440, tests/data/test1441.
- debian/patches/CVE-2017-7407-2.patch: check for end of input in
src/tool_writeout.c added test to tests/data/Makefile.am,
tests/data/test1442.
- CVE-2017-7407
-- Marc Deslauriers <email address hidden> Wed, 04 Oct 2017 09:02:01 -0400
CVE-2016-9586: printf floating point buffer overflow
CVE-2017-1000: RESERVED
CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process me
curl (7.35.0-1ubuntu2.10) trusty-security; urgency=medium
* SECURITY UPDATE: Incorrect reuse of client certificates with NSS
- debian/patches/CVE-2016-7141.patch: refuse previously loaded
certificate from file in lib/vtls/nss.c.
- CVE-2016-7141
* SECURITY UPDATE: curl escape and unescape integer overflows
- debian/patches/CVE-2016-7167.patch: deny negative string length
inputs in lib/escape.c.
- CVE-2016-7167
* SECURITY UPDATE: cookie injection for other servers
- debian/patches/CVE-2016-8615.patch: ignore lines that are too long in
lib/cookie.c.
- CVE-2016-8615
* SECURITY UPDATE: case insensitive password comparison
- debian/patches/CVE-2016-8616.patch: use case sensitive user/password
comparisons in lib/url.c.
- CVE-2016-8616
* SECURITY UPDATE: OOB write via unchecked multiplication
- debian/patches/CVE-2016-8617.patch: check for integer overflow on
large input in lib/base64.c.
- CVE-2016-8617
* SECURITY UPDATE: double-free in curl_maprintf
- debian/patches/CVE-2016-8618.patch: detect wrap-around when growing
allocation in lib/mprintf.c.
- CVE-2016-8618
* SECURITY UPDATE: double-free in krb5 code
- debian/patches/CVE-2016-8619.patch: avoid realloc in lib/security.c.
- CVE-2016-8619
* SECURITY UPDATE: glob parser write/read out of bounds
- debian/patches/CVE-2016-8620.patch: stay within bounds in
src/tool_urlglob.c.
- CVE-2016-8620
* SECURITY UPDATE: curl_getdate read out of bounds
- debian/patches/CVE-2016-8621.patch: handle cut off numbers better in
lib/parsedate.c, added tests to tests/data/test517,
tests/libtest/lib517.c.
- CVE-2016-8621
* SECURITY UPDATE: URL unescape heap overflow via integer truncation
- debian/patches/CVE-2016-8622.patch: avoid integer overflow in
lib/dict.c, lib/escape.c, update docs/libcurl/curl_easy_unescape.3.
- CVE-2016-8622
* SECURITY UPDATE: Use-after-free via shared cookies
- debian/patches/CVE-2016-8623.patch: hold deep copies of all cookies
in lib/cookie.c, lib/cookie.h, lib/http.c.
- CVE-2016-8623
* SECURITY UPDATE: invalid URL parsing with #
- debian/patches/CVE-2016-8624.patch: accept # as end of host name in
lib/url.c.
- CVE-2016-8624
-- Marc Deslauriers <email address hidden> Wed, 02 Nov 2016 15:17:12 -0400
CVE-2016-7141: curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authen
CVE-2016-7167: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.