UbuntuUpdates.org

Package "libcurl3-gnutls"

Name: libcurl3-gnutls

Description:

easy-to-use client-side URL transfer library (GnuTLS flavour)

Latest version: 7.68.0-1ubuntu2.24
Release: focal (20.04)
Level: security
Repository: main
Head package: curl
Homepage: http://curl.haxx.se

Other versions of "libcurl3-gnutls" in Focal

Repository Area Version
base main 7.68.0-1ubuntu2
updates main 7.68.0-1ubuntu2.24

Changelog

Version: 7.68.0-1ubuntu2.24 2024-09-16 15:07:01 UTC

  curl (7.68.0-1ubuntu2.24) focal-security; urgency=medium

  * SECURITY UPDATE: OCSP stapling bypass with GnuTLS
    - debian/patches/CVE-2024-8096.patch: fix OCSP stapling management in
      lib/vtls/gtls.c.
    - CVE-2024-8096

 -- Marc Deslauriers <email address hidden> Fri, 06 Sep 2024 11:00:30 -0400

CVE-2024-8096 When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is v

Version: 7.68.0-1ubuntu2.23 2024-08-05 14:07:09 UTC

  curl (7.68.0-1ubuntu2.23) focal-security; urgency=medium

  * SECURITY UPDATE: ASN.1 date parser overread
    - debian/patches/CVE-2024-7264-pre1.patch: clean up GTime2str in
      lib/x509asn1.c.
    - debian/patches/CVE-2024-7264.patch: unittests and fixes for gtime2str
      in lib/x509asn1.c, lib/x509asn1.h, tests/data/Makefile.inc,
      tests/data/test1656, tests/unit/Makefile.inc, tests/unit/unit1656.c.
    - CVE-2024-7264

 -- Marc Deslauriers <email address hidden> Thu, 01 Aug 2024 10:17:24 -0400

CVE-2024-7264 libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect fiel

Version: 7.68.0-1ubuntu2.22 2024-03-27 14:06:51 UTC

  curl (7.68.0-1ubuntu2.22) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 push headers memory-leak
    - debian/patches/CVE-2024-2398.patch: push headers better cleanup in
      lib/http2.c.
    - CVE-2024-2398

 -- Marc Deslauriers <email address hidden> Tue, 19 Mar 2024 09:53:11 -0400

CVE-2024-2398 HTTP/2 push headers memory-leak

Version: 7.68.0-1ubuntu2.21 2023-12-06 14:06:55 UTC

  curl (7.68.0-1ubuntu2.21) focal-security; urgency=medium

  * SECURITY UPDATE: cookie mixed case PSL bypass
    - debian/patches/CVE-2023-46218.patch: lowercase the domain names
      before PSL checks in lib/cookie.c.
    - CVE-2023-46218

 -- Marc Deslauriers <email address hidden> Wed, 29 Nov 2023 14:26:14 -0500

CVE-2023-46218 curl: cookie mixed case PSL bypass

Version: 7.68.0-1ubuntu2.20 2023-10-11 13:06:49 UTC

  curl (7.68.0-1ubuntu2.20) focal-security; urgency=medium

  * SECURITY UPDATE: cookie injection with none file
    - debian/patches/CVE-2023-38546.patch: remove unnecessary struct fields
      in lib/cookie.c, lib/cookie.h, lib/easy.c.
    - CVE-2023-38546

 -- Marc Deslauriers <email address hidden> Tue, 03 Oct 2023 13:20:00 -0400



