UbuntuUpdates.org

Package "curl"

Name: curl

Description: command line tool for transferring data with URL syntax

Latest version: 8.9.1-2ubuntu2.2
Release: oracular (24.10)
Level: security
Repository: main
Homepage: https://curl.se/

Other versions of "curl" in Oracular

Repository  Area  Version
base        main  8.9.1-2ubuntu2
updates     main  8.9.1-2ubuntu2.2

Changelog

Version: 8.9.1-2ubuntu2.2 2024-12-16 16:07:28 UTC

  curl (8.9.1-2ubuntu2.2) oracular-security; urgency=medium

  * SECURITY UPDATE: netrc and redirect credential leak
    - debian/patches/CVE-2024-11053-pre1.patch: use same credentials on
      redirect in lib/transfer.c, lib/url.c, lib/urldata.h,
      tests/data/Makefile.inc, tests/data/test998, tests/data/test999.
    - debian/patches/CVE-2024-11053.patch: address several netrc parser
      flaws in lib/netrc.c, lib/url.c, tests/data/Makefile.inc,
      tests/data/test478, tests/data/test479, tests/data/test480,
      tests/unit/unit1304.c.
    - CVE-2024-11053

 -- Marc Deslauriers <email address hidden> Wed, 11 Dec 2024 11:03:27 -0500

CVE-2024-11053 When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the foll

Version: 8.9.1-2ubuntu2.1 2024-11-18 18:06:51 UTC

  curl (8.9.1-2ubuntu2.1) oracular-security; urgency=medium

  * SECURITY UPDATE: HSTS expiry overwrites parent cache entry.
    - debian/patches/CVE-2024-9681.patch: Add bestsub, blen, and hostname
      comparison in lib/hsts.c.
    - CVE-2024-9681

 -- Hlib Korzhynskyy <email address hidden> Wed, 06 Nov 2024 09:10:08 -0330

CVE-2024-9681 When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than oth


