Debian Package Tracker

general

source: curl (source, libs)
version: 7.52.1-5
maintainer: Alessandro Ghedini [DMD]
uploaders: Ian Jackson [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 7.26.0-1+wheezy13
o-o-sec: 7.26.0-1+wheezy19
oldstable: 7.38.0-4+deb8u5
old-sec: 7.38.0-4+deb8u5
stable: 7.52.1-5
testing: 7.52.1-5
unstable: 7.52.1-5

versioned links

7.26.0-1+wheezy13: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.26.0-1+wheezy19: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.38.0-4+deb8u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.52.1-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

curl
libcurl3
libcurl3-dbg
libcurl3-gnutls
libcurl3-nss
libcurl4-doc
libcurl4-gnutls-dev
libcurl4-nss-dev
libcurl4-openssl-dev

action needed

Multiarch hinter reports 4 issue(s)

high

There are issues with the multiarch metadata for this package.

libcurl4-gnutls-dev conflicts on /usr/bin/curl-config on any two of 10 archs
libcurl4-nss-dev conflicts on /usr/bin/curl-config on any two of 10 archs
libcurl4-openssl-dev conflicts on /usr/bin/curl-config on any two of 10 archs
libcurl4-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2017-06-28 07:34

A new upstream version is available: 7.54.1

high

A new upstream version 7.54.1 is available, you should consider packaging it.

Created: 2017-02-22 Last update: 2017-06-28 07:23

lintian reports 8 warnings

high

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-03-04 Last update: 2017-01-14 00:58

2 bugs tagged patch in the BTS

normal

The BTS contains patches fixing 2 bugs (3 if counting merged bugs), consider including or untagging them.

Created: 2017-01-17 Last update: 2017-06-28 07:06

3 ignored security issues in wheezy

low

There are 3 open security issues in wheezy.

3 issues skipped by the security teams:

CVE-2016-0755: The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
CVE-2016-8625:
CVE-2015-3153: The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

Please fix them.

Created: 2015-07-12 Last update: 2017-06-18 08:29

4 ignored security issues in jessie

low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

CVE-2016-7141: curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
CVE-2016-8625:
CVE-2016-9586:
CVE-2016-7167: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.

Please fix them.

Created: 2016-09-06 Last update: 2017-06-18 08:29

news

[rss feed]

[2017-04-30] curl 7.52.1-5 MIGRATED to testing (Debian testing watch)
[2017-04-19] Accepted curl 7.52.1-5 (source amd64 all) into unstable (Alessandro Ghedini)
[2017-04-11] curl 7.52.1-4 MIGRATED to testing (Debian testing watch)
[2017-04-08] Accepted curl 7.52.1-4 (source amd64 all) into unstable (Alessandro Ghedini)
[2017-04-04] Accepted curl 7.26.0-1+wheezy19 (source amd64) into oldstable (Chris Lamb)
[2017-02-27] curl 7.52.1-3 MIGRATED to testing (Debian testing watch)
[2017-02-22] Accepted curl 7.52.1-3 (source amd64 all) into unstable (Alessandro Ghedini)
[2017-02-04] curl 7.52.1-2 MIGRATED to testing (Debian testing watch)
[2017-01-29] Accepted curl 7.52.1-2 (source amd64 all) into unstable (Alessandro Ghedini)
[2017-01-23] curl 7.52.1-1 MIGRATED to testing (Debian testing watch)
[2017-01-12] Accepted curl 7.52.1-1 (source amd64 all) into unstable (Alessandro Ghedini)
[2016-12-29] Accepted curl 7.26.0-1+wheezy18 (source amd64) into oldstable (Balint Reczey)
[2016-12-29] curl 7.51.0-1 MIGRATED to testing (Debian testing watch)
[2016-11-17] Accepted curl 7.26.0-1+wheezy17 (source amd64) into oldstable (Thorsten Alteholz)
[2016-11-05] Accepted curl 7.38.0-4+deb8u5 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Alessandro Ghedini)
[2016-11-03] Accepted curl 7.51.0-1 (source amd64 all) into unstable (Alessandro Ghedini)
[2016-09-17] Accepted curl 7.26.0-1+wheezy16 (source amd64) into oldstable (Jonas Meurer)
[2016-09-09] Accepted curl 7.26.0-1+wheezy15 (source amd64) into oldstable (Balint Reczey)
[2016-08-09] curl 7.50.1-1 MIGRATED to testing (Debian testing watch)
[2016-08-09] curl 7.50.1-1 MIGRATED to testing (Debian testing watch)
[2016-08-06] Accepted curl 7.38.0-4+deb8u4 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Alessandro Ghedini)
[2016-08-04] Accepted curl 7.26.0-1+wheezy14 (source amd64) into oldstable (Markus Koschany)
[2016-08-03] Accepted curl 7.50.1-1 (source amd64 all) into unstable (Alessandro Ghedini)
[2016-01-30] curl 7.47.0-1 MIGRATED to testing (Debian testing watch)
[2016-01-29] Accepted curl 7.38.0-4+deb8u3 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Alessandro Ghedini)
[2016-01-27] Accepted curl 7.47.0-1 (source amd64 all) into unstable (Alessandro Ghedini)
[2016-01-02] curl 7.46.0-1 MIGRATED to testing (Debian testing watch)
[2015-12-27] Accepted curl 7.46.0-1 (source amd64 all) into unstable (Alessandro Ghedini)
[2015-10-13] curl 7.45.0-1 MIGRATED to testing (Britney)
[2015-10-07] Accepted curl 7.45.0-1 (source amd64 all) into unstable (Alessandro Ghedini)

bugs [bug history graph]

all: 30 34
RC: 0
I&N: 24 26
M&W: 6 8
F&P: 0

links

homepage
lintian (0, 8)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7.52.1-5ubuntu1
44 bugs (5 patches)
patches for 7.52.1-5ubuntu1