Source: curl
Version: 7.38.0-4
Severity: serious
Tags: patch security upstream fixed-upstream
Justification: regression with respect to stable with security fixes
Control: fixed -1 7.38.0-4+deb8u10
Control: fixed -1 7.52.1-5+deb9u5

Hi,

the following vulnerabilities were published for curl.

CVE-2018-1000120[0]:
| A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0
| in the FTP URL handling that allows an attacker to cause a denial of
| service or worse.

CVE-2018-1000121[1]:
| A NULL pointer dereference exists in curl 7.21.0 to and including curl
| 7.58.0 in the LDAP code that allows an attacker to cause a denial of
| service

CVE-2018-1000122[2]:
| A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0
| in the RTSP+RTP handling code that allows an attacker to cause a
| denial of service or information leakage

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000120
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120
[1] https://security-tracker.debian.org/tracker/CVE-2018-1000121
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121
[2] https://security-tracker.debian.org/tracker/CVE-2018-1000122
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122

Regards,
Salvatore