[ubuntu/xenial-security] curl 7.47.0-1ubuntu2.14 (Accepted)

Alex Murray Wed, 11 Sep 2019 00:03:22 -0700

curl (7.47.0-1ubuntu2.14) xenial-security; urgency=medium

  * SECURITY UPDATE: double-free when using kerberos over FTP may cause
    denial-of-service
    - debian/patches/CVE-2019-5481.patch: update lib/security.c to avoid
      double-free on large memory allocation failures
    - CVE-2019-5481
  * SECURITY UPDATE: heap buffer overflow when receiving TFTP data may
    cause denial-of-service or remote code-execution
    - debian/patches/CVE-2019-5482.patch: ensure to use the correct block
      size when calling recvfrom() if the server returns an OACK without
      specifying a block size in lib/tftp.c
    - CVE-2019-5482


Date: 2019-09-10 13:02:14.197305+00:00
Changed-By: Alex Murray <alex.mur...@canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.14

Sorry, changesfile not available.

-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] curl 7.47.0-1ubuntu2.14 (Accepted)

Reply via email to