This bug was fixed in the package curl - 8.9.1-2ubuntu1
---------------
curl (8.9.1-2ubuntu1) oracular; urgency=medium
* Merge with Debian unstable (LP: #2076679). Remaining changes:
- debian/control: Don't build-depend on python3-impacket and stunnel4 on
i386 so we can drop it (and its dependencies) from the i386 partial port.
It's only used for the tests, which do not block the build in any case.
- d/{control,rules}: Do not use gnutls for the curl binary.
- d/{control,rules}: Drop nghttp3 & ngtcp2 depdendencies of
libcurl-gnutls to avoid component-mismatch.
* Drop Changes:
- d/t/upstream-tests-{gnutls,openssl}: Add workaround to fix
LP: 2071468. The issue was fixed in dpkg-dev 1.22.11ubuntu1.
* New Changes:
- d/rules: Use libssh2-dev as it is in main (LP: #2076865).
curl (8.9.1-2) unstable; urgency=medium
[ Steve McIntyre ]
* Improve the patch for the gnutls build. Instead of calling quilt
during the binary package build, use autotools to do the work we
need when calling configure etc. Closes: #1077650
[ Carlos Henrique Lima Melara ]
* debian/control: bump Standards-Version to 4.7.0, no changes needed.
* debian/patches/ignore-SIGPIPE-after-init.patch: add new patch from
upstream. (Closes: #1077854)
* debian/tests/build-using-libcurl*: add tests to check if libcurl headers
and pkgconf info are correct.
curl (8.9.1-1) unstable; urgency=medium
* New upstream version 8.9.1. (Closes: 1077656)
- fix CVE-2024-7264: ASN.1 date parser overread.
* debian/patch/build-Divide-mit-[...].patch: refresh patch.
curl (8.9.0-3) unstable; urgency=medium
* debian/control: make libcurl*-dev packages Depends on -dev packages.
(Closes: #1077197, #1077190)
* debian/rules: decrease tests parallelism multiplier.
curl (8.9.0-2) unstable; urgency=medium
* debian/control: make libcurl*-dev packages Recommends -dev packages.
(Closes: #1077197, #1077190)
curl (8.9.0-1) unstable; urgency=medium
[ Samuel Henrique ]
* debian/curl.NEWS: Update wcurl description.
[ Carlos Henrique Lima Melara ]
* New upstream version 8.9.0. (Closes: #1076996)
- fix CVE-2024-6197: freeing stack buffer in utf8asn1str.
- fix CVE-2024-6874: macidn punycode buffer overread.
* debian/copyright: drop copyright from removed file.
* debian/patches/: drop merged patches and refresh patches against new
upstream release.
- docs_makefile_am_make_curl_config_1_install.patch: drop.
- fix-x509asn1-fallback-to-dotted-OID-representation.patch: drop.
* debian/gbp.conf: add upstream-branch definition.
curl (8.8.0-4) unstable; urgency=medium
[ Adrian Bunk ]
* Revert "Temporarily disable build-time tests on 32-bit non-x86"
* Don't use python3-impacket on non-Rust architectures that lack
python-cryptography
[ Lev Lazinskiy ]
* Use SALSA_CI_DPKG_BUILDPACKAGE_ARGS in pipeline
[ Samuel Henrique ]
* Update wcurl to 2024.07.10
-- Vladimir Petko <vladimir.pe...@canonical.com> Tue, 13 Aug 2024
09:16:22 +1200
** Changed in: curl (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-6197
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-6874
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-7264
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2076679
Title:
please merge curl 8.9.1-2 from debian/unstable
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2076679/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
