← Back to branch summary

~ubuntu-branches/ubuntu/vivid/curl/vivid-security

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-04-29 09:09:44 UTC
  • Revision ID: package-import@ubuntu.com-20150429090944-ybz4uzhk1zcez40y
Tags: 7.38.0-3ubuntu2.2
* SECURITY UPDATE: NTLM connection reuse when unauthenticated
  - debian/patches/CVE-2015-3143.patch: require credentials to match in
    lib/url.c.
  - CVE-2015-3143
* SECURITY UPDATE: host name out of boundary memory access
  - debian/patches/CVE-2015-3144.patch: check for valid length in
    lib/url.c.
  - CVE-2015-3144
* SECURITY UPDATE: cookie parser out of boundary memory access
  - debian/patches/CVE-2015-3145.patch: properly handle a single double
    quote in lib/cookie.c.
  - CVE-2015-3145
* SECURITY UPDATE: negotiate not treated as connection-oriented
  - debian/patches/CVE-2015-3148.patch: close Negotiate connections when
    done in lib/http.c.
  - CVE-2015-3148
* SECURITY UPDATE: sensitive HTTP server headers disclosure to proxies
  - debian/patches/CVE-2015-3153.patch: make HTTP headers separated in
    docs/libcurl/opts/CURLOPT_HEADEROPT.3, lib/url.c,
    tests/data/test1527, tests/data/test287, tests/libtest/lib1527.c.
  - CVE-2015-3153
Filename Latest Rev Last Changed Committer Comment Size
..
01_runtests_gdb.patch 3.4.29 11 years ago Package Import Robot * New upstream release - Reject numerical IPv6 a Diff
02_art_http_scripting.patch 3.4.29 11 years ago Package Import Robot * New upstream release - Reject numerical IPv6 a Diff
03_keep_symbols_compat.patch 3.4.29 11 years ago Package Import Robot * New upstream release - Reject numerical IPv6 a Diff
04_workaround_as_needed_bug.patch 3.4.29 11 years ago Package Import Robot * New upstream release - Reject numerical IPv6 a Diff
06_always-disable-valgrind.patch 3.4.32 11 years ago Package Import Robot * Add 05_fix-git-over-https.patch (Closes: #690551 Diff
07_do-not-disable-debug-symbols.patch 3.4.33 11 years ago Package Import Robot * Add 07_do-not-disable-debug-symbols.patch, do no Diff
08_fix-spelling.patch 3.4.50 9 years ago Package Import Robot * New upstream release - Only use full host matc Diff
09_libtoolize_check.patch 3.4.51 9 years ago Package Import Robot * Check for libtoolize instead of libtool during b Diff
10_fix-resolver.patch 3.4.51 9 years ago Package Import Robot * Check for libtoolize instead of libtool during b Diff
11_CVE-2014-3707.patch 3.4.52 9 years ago Package Import Robot * Enable all hardening options (Closes: #763372) * Diff
90_gnutls.patch 3.4.29 11 years ago Package Import Robot * New upstream release - Reject numerical IPv6 a Diff
99_nss.patch 3.4.29 11 years ago Package Import Robot * New upstream release - Reject numerical IPv6 a Diff
CVE-2014-8150.patch 85 9 years ago Package Import Robot * SECURITY UPDATE: URL request injection - debia Diff
CVE-2015-3143.patch 86 9 years ago Package Import Robot * SECURITY UPDATE: NTLM connection reuse when unau Diff
CVE-2015-3144.patch 86 9 years ago Package Import Robot * SECURITY UPDATE: NTLM connection reuse when unau Diff
CVE-2015-3145.patch 86 9 years ago Package Import Robot * SECURITY UPDATE: NTLM connection reuse when unau Diff
CVE-2015-3148.patch 86 9 years ago Package Import Robot * SECURITY UPDATE: NTLM connection reuse when unau Diff
CVE-2015-3153.patch 86 9 years ago Package Import Robot * SECURITY UPDATE: NTLM connection reuse when unau Diff
.quilt_patches 3.4.30 11 years ago Package Import Robot * New upstream release * Update upstream copyright 15 bytes Diff Download File
.quilt_series 3.4.30 11 years ago Package Import Robot * New upstream release * Update upstream copyright 7 bytes Diff Download File
.version 3.4.4 14 years ago Bazaar Package Importer * New Maintainer (closes: #574137). * Bug #533669 2 bytes Diff Download File
applied-patches 86 9 years ago Package Import Robot * SECURITY UPDATE: NTLM connection reuse when unau 426 bytes Diff Download File