-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 02 Apr 2023 20:34:17 +0100 Source: curl Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: amd64 Version: 7.74.0-1.3+deb11u8 Distribution: bullseye Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Samuel Henrique Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.74.0-1.3+deb11u8) bullseye; urgency=medium . * Backport upstream patches to fix 5 CVEs: - CVE-2023-27533: TELNET option IAC injection - CVE-2023-27534: SFTP path ~ resolving discrepancy - CVE-2023-27535: FTP too eager connection reuse - CVE-2023-27536: GSS delegation too eager connection re-use - CVE-2023-27538: SSH connection too eager reuse still * d/p/add_Curl_timestrcmp.patch: New patch to backport Curl_timestrcmp(), required for CVE-2023-27535. Checksums-Sha1: a3c2f7626783027eea5b125a63435835db13e621 144860 curl-dbgsym_7.74.0-1.3+deb11u8_amd64.deb b02764ee31bf170d268cb75b9c4c87c4df71cdd8 12451 curl_7.74.0-1.3+deb11u8_amd64-buildd.buildinfo b31b314d71e05498a1ca23f0cbd51721c4e1fadb 270516 curl_7.74.0-1.3+deb11u8_amd64.deb 407b34f53d2d890ff9245903b41077305078800c 821892 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_amd64.deb 6dc378ff8c32c044b2e2931eafb3c7bd71cd7e70 343000 libcurl3-gnutls_7.74.0-1.3+deb11u8_amd64.deb 0adcdb6b1e48f62b9621c25a527d595da75104bb 864652 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_amd64.deb b1b3bccca0f4ff66f30015508f7180925d819a8b 351036 libcurl3-nss_7.74.0-1.3+deb11u8_amd64.deb 305463179ae09316b8c034d19959c92c79f66ef8 839336 libcurl4-dbgsym_7.74.0-1.3+deb11u8_amd64.deb 3265425675409a8576a0822ef9bd7095b6708224 434576 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_amd64.deb f04b1c4505bf225be045a4d5d9cbf893fe8e4173 441872 libcurl4-nss-dev_7.74.0-1.3+deb11u8_amd64.deb 9af515d3a6aef3e498d0848d03e562bc652697f3 436948 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_amd64.deb e94be8e4469b488e931347c1b09f3560947d271d 346200 libcurl4_7.74.0-1.3+deb11u8_amd64.deb Checksums-Sha256: d2cf4e38b7357b6af044bab8effe64c016ffdcf50b347e4ae3ff141f34d86eba 144860 curl-dbgsym_7.74.0-1.3+deb11u8_amd64.deb 835f9810ee86aef109d778ff510c616c53e15d2aaf97ba1b47c7be601c1a14b3 12451 curl_7.74.0-1.3+deb11u8_amd64-buildd.buildinfo 8965e142be6280e94d758df2592e22352d67686c1b098ae309058e2d73ab07bc 270516 curl_7.74.0-1.3+deb11u8_amd64.deb e0d842a3afee2def08c155f01900d1fa1ffe0282516e225f1dbebf907651fe56 821892 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_amd64.deb d3e20c45a704c8d28e209b0eaa693faaeacb259381504aaad539f865b3465de0 343000 libcurl3-gnutls_7.74.0-1.3+deb11u8_amd64.deb 9addc37325429858f11efcccfc472300dbdc0efd132f580fff9a7e09a0afa08e 864652 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_amd64.deb 115b45e0a8fadd7c95e91d69405f3942e64288347bbdb47e1aabbd3e64d9cc13 351036 libcurl3-nss_7.74.0-1.3+deb11u8_amd64.deb 472df98b04c14dac792b55f448a5acf6a79a68aca790883c00e0838b373c2589 839336 libcurl4-dbgsym_7.74.0-1.3+deb11u8_amd64.deb 2ec1dd16134d898dbb8dcc05e75a1167193117fe63d9a03c3a0a62daaff130fd 434576 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_amd64.deb 63a9bd7c13a6fd1948044a30f36407d222f05858a881e98fc84cbdb0e56009fa 441872 libcurl4-nss-dev_7.74.0-1.3+deb11u8_amd64.deb dd967a593048a08e7f4136f502f1f95d6616fca7a340cfdcff69bca17624d5c2 436948 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_amd64.deb 8ba7511578baaa83b2ed678c4ece9a2b86a33f8410a4cc8917f53ee480d1af67 346200 libcurl4_7.74.0-1.3+deb11u8_amd64.deb Files: 33c08790d249af4585a4f2e99d4a0755 144860 debug optional curl-dbgsym_7.74.0-1.3+deb11u8_amd64.deb a42e18ecb734c643233862d75c3462f9 12451 web optional curl_7.74.0-1.3+deb11u8_amd64-buildd.buildinfo 69c8e333a67242476c0ac0606da81769 270516 web optional curl_7.74.0-1.3+deb11u8_amd64.deb 4cbc2af0574b78ae94f504c69e89754a 821892 debug optional libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_amd64.deb 6388145157b78ecf4226f98a4b3b12f8 343000 libs optional libcurl3-gnutls_7.74.0-1.3+deb11u8_amd64.deb 897529cb054bda90e540fddb9169ed01 864652 debug optional libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_amd64.deb 8f9eb8d9797b4d7bc882a2f6e7f056a3 351036 libs optional libcurl3-nss_7.74.0-1.3+deb11u8_amd64.deb 4990c7195828e6a92567dfd81bf490d6 839336 debug optional libcurl4-dbgsym_7.74.0-1.3+deb11u8_amd64.deb a1f359b0a16ababe078a443b35b828de 434576 libdevel optional libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_amd64.deb 7952361723ba5ecc86b334d1ed3b1080 441872 libdevel optional libcurl4-nss-dev_7.74.0-1.3+deb11u8_amd64.deb 03e1a50bcffc165d36c9274b93a3443f 436948 libdevel optional libcurl4-openssl-dev_7.74.0-1.3+deb11u8_amd64.deb 1a93e0c1267b271033388266dd458f9c 346200 libs optional libcurl4_7.74.0-1.3+deb11u8_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEHWxRmfLuR591d5l2LWlxuzKfiVUFAmSeSfEACgkQLWlxuzKf iVVFrA/7BD8KrLKJKYvc//A1nYj4dWvORGiUL41d8grOoYhKMnuhKULgcR1LzFsJ wbXvS4OmDNtxQ1rthfyBDjYxRmsXX+B+P5EcTxuIcIx9ql+hJmaJ8zRxGu/kZ3jb t95wYryJ0C8wTVIaeJBnKl5cQsqA1ohLNTpv4Cg26BtJfmRE4IXv4rYMJAPWuB2i 3Sja7MdLyepzfBcUIuAbU3ove6QbQExFv5h+ZGwfxL1MnrEvjoeaUMXk4najn0CX bdFeFyUHlG3gq9X5e11pz5UAkgcSRLbu3ZXM/ZwOA8BuxzE4HYVfc29RQBfWOBsF U4HQ3hOSN5RAjDcCisCAvnvzkg3DMs5eoMX3kEQLRmmX22/m88sONceTTZWcsykE U79Olkjr9XBtc35lU5IVtEFazwHMoWpu2VgxcxoPCC2xTdPsKMWm5IXZ0/BGAgKJ WaHdalEODdnJobmcOav0mdd7qnGnZ9WNhBepQIXzQesH5nVvrnJVHJiv6OaBFqgI eBVCY7NGfph1ZUKBC614s6ltwecXgj+5XOBE/vww5KJ5EHe79yPLA9//7IkRHkbF J0KW51E/6RPlEWm6lxpxaGVuqbqCDRzlXZHKPSg1Yydv7j7zZMmpC0uqdH5GfnHV cqnCOQHPoQWfe1rm9K9VJkvq9JhVGkMTOTiL8TneZWFhBEtm8SU= =1tJq -----END PGP SIGNATURE-----