Debian Package Tracker

general

source: curl (main)
version: 7.60.0-2
maintainer: Alessandro Ghedini [DMD]
uploaders: Ian Jackson [DMD]
arch: all any
std-ver: 4.1.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 7.26.0-1+wheezy13
o-o-sec: 7.26.0-1+wheezy25+deb7u1
oldstable: 7.38.0-4+deb8u11
old-sec: 7.38.0-4+deb8u11
stable: 7.52.1-5+deb9u6
stable-sec: 7.52.1-5+deb9u6
testing: 7.60.0-2
unstable: 7.60.0-2

versioned links

7.26.0-1+wheezy13: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.26.0-1+wheezy25+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.38.0-4+deb8u11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.52.1-5+deb9u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.56.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.58.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.60.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.60.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

curl
libcurl3-gnutls
libcurl3-nss
libcurl4
libcurl4-doc
libcurl4-gnutls-dev
libcurl4-nss-dev
libcurl4-openssl-dev

action needed

A new upstream version is available: 7.61.0 high

A new upstream version 7.61.0 is available, you should consider packaging it.

Created: 2018-07-15 Last update: 2018-07-22 14:06

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2018-0500: Curl_smtp_escape_eob in lib/smtp.c in curl before 7.61.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

Please fix it.

Created: 2018-07-11 Last update: 2018-07-18 08:10

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2018-0500: Curl_smtp_escape_eob in lib/smtp.c in curl before 7.61.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

Please fix it.

Created: 2018-07-11 Last update: 2018-07-18 08:10

lintian reports 16 warnings high

Lintian reports 16 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-03-04 Last update: 2018-05-29 07:46

Depends on packages which need a new maintainer normal

The packages that curl depends on which need a new maintainer are:

dh-exec (#851746)
- Build-Depends: dh-exec

Created: 2017-12-02 Last update: 2018-07-22 14:14

4 bugs tagged patch in the BTS normal

The BTS contains patches fixing 4 bugs (5 if counting merged bugs), consider including or untagging them.

Created: 2017-11-21 Last update: 2018-07-22 13:40

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libcurl4-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2018-07-22 14:21

4 ignored security issues in jessie low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

CVE-2016-7167: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
CVE-2016-9586: curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.
CVE-2016-8625:
CVE-2016-7141: curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.

Please fix them.

Created: 2016-09-06 Last update: 2018-07-18 08:10

news

[rss feed]

[2018-05-31] curl 7.60.0-2 MIGRATED to testing (Debian testing watch)
[2018-05-28] Accepted curl 7.60.0-2 (source amd64 all) into unstable, unstable (Alessandro Ghedini)
[2018-05-25] curl 7.60.0-1 MIGRATED to testing (Debian testing watch)
[2018-05-18] Accepted curl 7.60.0-1 (source) into unstable (Alessandro Ghedini)
[2018-05-17] Accepted curl 7.52.1-5+deb9u6 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Alessandro Ghedini)
[2018-05-17] Accepted curl 7.38.0-4+deb8u11 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Alessandro Ghedini)
[2018-05-16] Accepted curl 7.38.0-4+deb8u11 (source amd64 all) into oldstable->embargoed, oldstable (Alessandro Ghedini)
[2018-05-16] Accepted curl 7.52.1-5+deb9u6 (source amd64 all) into stable->embargoed, stable (Alessandro Ghedini)
[2018-05-16] Accepted curl 7.26.0-1+wheezy25+deb7u1 (source amd64) into oldoldstable (Chris Lamb)
[2018-03-18] Accepted curl 7.26.0-1+wheezy25 (source armhf) into oldoldstable (Santiago R.R.) (signed by: Santiago Ruano Rincón)
[2018-03-18] Accepted curl 7.26.0-1+wheezy25 (source armhf) into oldoldstable (Santiago R.R.) (signed by: Santiago Ruano Rincón)
[2018-03-17] Accepted curl 7.38.0-4+deb8u10 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Alessandro Ghedini)
[2018-03-17] Accepted curl 7.52.1-5+deb9u5 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Alessandro Ghedini)
[2018-03-14] Accepted curl 7.52.1-5+deb9u5 (source amd64 all) into stable->embargoed, stable (Alessandro Ghedini)
[2018-03-14] Accepted curl 7.38.0-4+deb8u10 (source amd64 all) into oldstable->embargoed, oldstable (Alessandro Ghedini)
[2018-03-01] Accepted curl 7.58.0-3 (source amd64 all) into experimental, experimental (Alessandro Ghedini)
[2018-02-10] Accepted curl 7.38.0-4+deb8u9 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Alessandro Ghedini)
[2018-02-08] Accepted curl 7.52.1-5+deb9u4 (source) into proposed-updates->stable-new, proposed-updates (Alessandro Ghedini)
[2018-01-30] curl 7.58.0-2 MIGRATED to testing (Debian testing watch)
[2018-01-29] Accepted curl 7.26.0-1+wheezy24 (source amd64) into oldoldstable (Thorsten Alteholz)
[2018-01-24] Accepted curl 7.58.0-2 (source amd64 all) into unstable (Alessandro Ghedini)
[2018-01-24] Accepted curl 7.58.0-1 (source) into unstable (Alessandro Ghedini)
[2017-12-06] curl 7.57.0-1 MIGRATED to testing (Debian testing watch)
[2017-12-02] Accepted curl 7.38.0-4+deb8u8 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Yves-Alexis Perez)
[2017-12-02] Accepted curl 7.52.1-5+deb9u3 (source) into proposed-updates->stable-new, proposed-updates (Yves-Alexis Perez)
[2017-11-30] Accepted curl 7.57.0-1 (source) into unstable (Alessandro Ghedini)
[2017-11-30] Accepted curl 7.26.0-1+wheezy23 (source amd64) into oldoldstable (Thorsten Alteholz)
[2017-11-18] Accepted curl 7.38.0-4+deb8u7 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Alessandro Ghedini)
[2017-11-12] Accepted curl 7.52.1-5+deb9u2 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Alessandro Ghedini)
[2017-10-29] curl 7.56.1-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 35 39
RC: 1
I&N: 25 27
M&W: 9 11
F&P: 0

links

homepage
lintian (0, 16)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7.60.0-2ubuntu1
50 bugs (5 patches)
patches for 7.60.0-2ubuntu1