[ubuntu/xenial-security] curl 7.47.0-1ubuntu2.19 (Accepted)

Marc Deslauriers Wed, 31 Mar 2021 03:42:25 -0700

curl (7.47.0-1ubuntu2.19) xenial-security; urgency=medium

  * SECURITY UPDATE: data leak via referer header field
    - debian/patches/urlapi.patch: backport url api support in
      include/curl/Makefile.am, include/curl/curl.h, include/curl/urlapi.h,
      lib/Makefile.inc, lib/urlapi-int.h, lib/urlapi.c,
      lib/curl_setup_once.h, lib/url.c, lib/url.h, lib/escape.c,
      lib/escape.h, docs/libcurl/symbols-in-versions.
    - debian/libcurl*.symbols: added new symbols.
    - debian/patches/CVE-2021-22876.patch: strip credentials from the
      auto-referer header field in lib/transfer.c.
    - CVE-2021-22876


Date: 2021-03-29 14:40:09.507068+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19

Sorry, changesfile not available.

-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] curl 7.47.0-1ubuntu2.19 (Accepted)

Reply via email to