UbuntuUpdates.org

Package "libcurl3-nss"

Name: libcurl3-nss

Description:

easy-to-use client-side URL transfer library (NSS flavour)

Latest version: 7.47.0-1ubuntu2.16
Release: xenial (16.04)
Level: updates
Repository: main
Head package: curl
Homepage: http://curl.haxx.se

Links


Download "libcurl3-nss"


Other versions of "libcurl3-nss" in Xenial

Repository Area Version
base main 7.47.0-1ubuntu2
security main 7.47.0-1ubuntu2.16

Changelog

Version: 7.47.0-1ubuntu2.16 2020-08-19 13:06:17 UTC

  curl (7.47.0-1ubuntu2.16) xenial-security; urgency=medium

  * SECURITY UPDATE: wrong connect-only connection
    - debian/patches/CVE-2020-8231.patch: remember last connection by id,
      not by pointer in lib/connect.c, lib/easy.c, lib/multi.c, lib/url.c,
      lib/urldata.h.
    - CVE-2020-8231

 -- Marc Deslauriers <email address hidden> Thu, 13 Aug 2020 13:42:55 -0400

Source diff to previous version
CVE-2020-8231 RESERVED

Version: 7.47.0-1ubuntu2.15 2020-06-24 14:07:18 UTC

  curl (7.47.0-1ubuntu2.15) xenial-security; urgency=medium

  * SECURITY UPDATE: curl overwrite local file with -J
    - debian/patches/CVE-2020-8177.patch: -i is not OK if -J is used in
      src/tool_cb_hdr.c, src/tool_getparam.c.
    - CVE-2020-8177

 -- Marc Deslauriers <email address hidden> Wed, 17 Jun 2020 09:21:55 -0400

Source diff to previous version

Version: 7.47.0-1ubuntu2.14 2019-09-11 17:06:30 UTC
No changelog available yet.
Source diff to previous version

Version: 7.47.0-1ubuntu2.13 2019-05-22 14:06:47 UTC

  curl (7.47.0-1ubuntu2.13) xenial-security; urgency=medium

  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

 -- Marc Deslauriers <email address hidden> Thu, 16 May 2019 08:41:16 -0400

Source diff to previous version
CVE-2019-5346 RESERVED

Version: 7.47.0-1ubuntu2.12 2019-02-06 16:08:04 UTC

  curl (7.47.0-1ubuntu2.12) xenial-security; urgency=medium

  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/curl_ntlm_msgs.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/curl_ntlm_msgs.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

 -- Marc Deslauriers <email address hidden> Tue, 29 Jan 2019 08:58:54 -0500

CVE-2018-16890 curl: NTLM type-2 out-of-bounds buffer read
CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow
CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read



About   -   Send Feedback to @ubuntu_updates