UbuntuUpdates.org

Package "libcurl4-openssl-dev"

Name: libcurl4-openssl-dev

Description:

development files and documentation for libcurl (OpenSSL flavour)

Latest version: 8.9.1-2ubuntu2.2
Release: oracular (24.10)
Level: security
Repository: main
Head package: curl
Homepage: https://curl.se/

Links


Download "libcurl4-openssl-dev"


Other versions of "libcurl4-openssl-dev" in Oracular

Repository Area Version
base main 8.9.1-2ubuntu2
updates main 8.9.1-2ubuntu2.2

Changelog

Version: 8.9.1-2ubuntu2.2 2024-12-16 16:07:28 UTC

  curl (8.9.1-2ubuntu2.2) oracular-security; urgency=medium

  * SECURITY UPDATE: netrc and redirect credential leak
    - debian/patches/CVE-2024-11053-pre1.patch: use same credentials on
      redirect in lib/transfer.c, lib/url.c, lib/urldata.h,
      tests/data/Makefile.inc, tests/data/test998, tests/data/test999.
    - debian/patches/CVE-2024-11053.patch: address several netrc parser
      flaws in lib/netrc.c, lib/url.c, tests/data/Makefile.inc,
      tests/data/test478, tests/data/test479, tests/data/test480,
      tests/unit/unit1304.c.
    - CVE-2024-11053

 -- Marc Deslauriers <email address hidden> Wed, 11 Dec 2024 11:03:27 -0500

Source diff to previous version
CVE-2024-11053 When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the foll

Version: 8.9.1-2ubuntu2.1 2024-11-18 18:06:51 UTC

  curl (8.9.1-2ubuntu2.1) oracular-security; urgency=medium

  * SECURITY UPDATE: HSTS expiry overwrites parent cache entry.
    - debian/patches/CVE-2024-9681.patch: Add bestsub, blen, and hostname
      comparison in lib/hsts.c.
    - CVE-2024-9681

 -- Hlib Korzhynskyy <email address hidden> Wed, 06 Nov 2024 09:10:08 -0330

CVE-2024-9681 When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than oth



About   -   Send Feedback to @ubuntu_updates