Debian Package Tracker

general

source: curl (main)
version: 7.74.0-1
maintainer: Alessandro Ghedini (DMD)
arch: all any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 7.38.0-4+deb8u11
o-o-sec: 7.38.0-4+deb8u16
oldstable: 7.52.1-5+deb9u10
old-sec: 7.52.1-5+deb9u13
stable: 7.64.0-4+deb10u1
stable-sec: 7.64.0-4+deb10u1
testing: 7.74.0-1
unstable: 7.74.0-1

versioned links

7.38.0-4+deb8u11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.38.0-4+deb8u16: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.52.1-5+deb9u10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.52.1-5+deb9u13: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.64.0-4+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.74.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

curl (33 bugs: 1, 22, 10, 0)
libcurl3-gnutls (7 bugs: 0, 7, 0, 0)
libcurl3-nss (1 bugs: 0, 1, 0, 0)
libcurl4 (2 bugs: 1, 1, 0, 0)
libcurl4-doc
libcurl4-gnutls-dev
libcurl4-nss-dev
libcurl4-openssl-dev (3 bugs: 0, 3, 0, 0)

action needed

6 security issues in buster high

There are 6 open security issues in buster.

3 important issues:

CVE-2020-8284: A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
CVE-2020-8285: curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2020-8286: curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

3 issues skipped by the security teams:

CVE-2020-8169: curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
CVE-2020-8177: curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
CVE-2020-8231: Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

Please fix them.

Created: 2020-06-24 Last update: 2021-01-06 22:30

7 bugs tagged patch in the BTS normal

The BTS contains patches fixing 7 bugs (8 if counting merged bugs), consider including or untagging them.

Created: 2020-10-19 Last update: 2021-01-24 13:30

Depends on packages which need a new maintainer normal

The packages that curl depends on which need a new maintainer are:

dh-exec (#851746)
- Build-Depends: dh-exec

Created: 2019-11-22 Last update: 2021-01-24 12:32

lintian reports 4 warnings normal

Lintian reports 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-09-21 06:01

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libcurl4-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2021-01-24 12:12

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2021-01-07] curl 7.74.0-1 MIGRATED to testing (Debian testing watch)
[2020-12-31] Accepted curl 7.74.0-1 (source) into unstable (Alessandro Ghedini)
[2020-12-18] Accepted curl 7.52.1-5+deb9u13 (source) into oldstable (Roberto C. Sánchez) (signed by: Roberto C. Sanchez)
[2020-09-26] Accepted curl 7.52.1-5+deb9u12 (source amd64 all) into oldstable (Thorsten Alteholz)
[2020-08-29] curl 7.72.0-1 MIGRATED to testing (Debian testing watch)
[2020-08-29] curl 7.72.0-1 MIGRATED to testing (Debian testing watch)
[2020-08-24] Accepted curl 7.72.0-1 (source) into unstable (Alessandro Ghedini)
[2020-07-28] Accepted curl 7.52.1-5+deb9u11 (source amd64 all) into oldstable (Thorsten Alteholz)
[2020-02-29] curl 7.68.0-1 MIGRATED to testing (Debian testing watch)
[2020-02-25] Accepted curl 7.52.1-5+deb9u10 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Alessandro Ghedini)
[2020-02-25] Accepted curl 7.64.0-4+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Alessandro Ghedini)
[2020-02-24] Accepted curl 7.52.1-5+deb9u10 (source) into oldstable->embargoed, oldstable (Alessandro Ghedini)
[2020-02-24] Accepted curl 7.64.0-4+deb10u1 (source) into stable->embargoed, stable (Alessandro Ghedini)
[2020-02-22] Accepted curl 7.68.0-1 (source) into unstable (Alessandro Ghedini)
[2019-12-07] curl 7.67.0-2 MIGRATED to testing (Debian testing watch)
[2019-12-01] Accepted curl 7.67.0-2 (source) into unstable (Alessandro Ghedini)
[2019-11-30] Accepted curl 7.67.0-1 (source) into unstable (Alessandro Ghedini)
[2019-09-21] curl 7.66.0-1 MIGRATED to testing (Debian testing watch)
[2019-09-15] Accepted curl 7.66.0-1 (source) into unstable (Alessandro Ghedini)
[2019-09-13] Accepted curl 7.38.0-4+deb8u16 (source amd64 all) into oldoldstable (Chris Lamb)
[2019-08-15] curl 7.65.3-1 MIGRATED to testing (Debian testing watch)
[2019-08-09] Accepted curl 7.65.3-1 (source) into unstable (Alessandro Ghedini)
[2019-07-18] curl 7.65.1-1 MIGRATED to testing (Debian testing watch)
[2019-07-13] Accepted curl 7.65.1-1 (source) into unstable (Alessandro Ghedini)
[2019-06-17] curl 7.64.0-4 MIGRATED to testing (Debian testing watch)
[2019-06-14] Accepted curl 7.64.0-4 (source) into unstable (Alessandro Ghedini)
[2019-05-25] Accepted curl 7.38.0-4+deb8u15 (source amd64 all) into oldstable (Markus Koschany)
[2019-05-18] curl 7.64.0-3 MIGRATED to testing (Debian testing watch)
[2019-05-12] Accepted curl 7.64.0-3 (source) into unstable (Alessandro Ghedini)
[2019-04-02] curl 7.64.0-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 48 52
RC: 2
I&N: 36 38
M&W: 10 12
F&P: 0
patch: 7 8

links

homepage
lintian (0, 4)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7.72.0-1ubuntu1
59 bugs (3 patches)
patches for 7.72.0-1ubuntu1