-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 02 Apr 2023 20:34:17 +0100 Source: curl Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: arm64 Version: 7.74.0-1.3+deb11u8 Distribution: bullseye Urgency: medium Maintainer: arm Build Daemon (arm-ubc-03) Changed-By: Samuel Henrique Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.74.0-1.3+deb11u8) bullseye; urgency=medium . * Backport upstream patches to fix 5 CVEs: - CVE-2023-27533: TELNET option IAC injection - CVE-2023-27534: SFTP path ~ resolving discrepancy - CVE-2023-27535: FTP too eager connection reuse - CVE-2023-27536: GSS delegation too eager connection re-use - CVE-2023-27538: SSH connection too eager reuse still * d/p/add_Curl_timestrcmp.patch: New patch to backport Curl_timestrcmp(), required for CVE-2023-27535. Checksums-Sha1: 87c688e05c650cbfca87e677b44f47982f25633a 143572 curl-dbgsym_7.74.0-1.3+deb11u8_arm64.deb ba23eca73f3f63183c3284ce7dcef741498558d1 12421 curl_7.74.0-1.3+deb11u8_arm64-buildd.buildinfo 5d6cf7f8da1985e078a6ae77acdd84a2327a0926 264824 curl_7.74.0-1.3+deb11u8_arm64.deb 88e16e91eb45d4ee972afc710cbf52c452956867 822688 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_arm64.deb 08b9648fd4bc10b291ab65dca21c6d2e43eba37b 321636 libcurl3-gnutls_7.74.0-1.3+deb11u8_arm64.deb 2a0920260f7b56ae7bd9dbb89511c283f89fa870 864088 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_arm64.deb ff1017ed623a281e9d216a6129123871e73ad0f6 330644 libcurl3-nss_7.74.0-1.3+deb11u8_arm64.deb 9fda48536b7a26511f0c829c3e590d2bf2e10a0c 840504 libcurl4-dbgsym_7.74.0-1.3+deb11u8_arm64.deb 3b6cc102d624ce4c9ab5b65651904709e55e7363 424768 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_arm64.deb 17fb6e22a579df291f8862797f911ad48efcc753 432936 libcurl4-nss-dev_7.74.0-1.3+deb11u8_arm64.deb 68637eb299501e9fbe7e1c852755d49642ba4aa0 427868 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_arm64.deb b8489d5393271e9317d8109dbbc301232cc7a6e5 325424 libcurl4_7.74.0-1.3+deb11u8_arm64.deb Checksums-Sha256: 3c6e4835b30e7d74981d37603c94eb9bf212d7399aba3276d5e84d5d6c15e9bc 143572 curl-dbgsym_7.74.0-1.3+deb11u8_arm64.deb 48d28d769504023ec73a9f95e94e367efbf4d8c36ff7acbc67e41e8d85141b3d 12421 curl_7.74.0-1.3+deb11u8_arm64-buildd.buildinfo 533f8cac571d04ff65e6ebb6bbbf29de2eff8e1d0de6943e5290a6a456aee62b 264824 curl_7.74.0-1.3+deb11u8_arm64.deb bb40e6424eb85e3ff0005624c5c7cbfbcf3b1f7605cfafe8c7b8962703b8204c 822688 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_arm64.deb 63f3b9008703a559f70eee7063a3ab1998345569d474bd2c5d8245eabfcfbc24 321636 libcurl3-gnutls_7.74.0-1.3+deb11u8_arm64.deb ce2fcbf3673b892b95dba3794ed16cb8003dbc12c4325b0e72777e0cc65df66d 864088 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_arm64.deb 8e7df78eb3aa4df743b7c71f7f5a5ace57910bcfebe9823d065380b925b49c33 330644 libcurl3-nss_7.74.0-1.3+deb11u8_arm64.deb 0237a0220e53e0a0e9ec120c93e44fa67d695d35e955f631b1f44ade7774211d 840504 libcurl4-dbgsym_7.74.0-1.3+deb11u8_arm64.deb 55a5e5719ccaaff59df6b74d345f903b8ec9339f11ad3405775b370f123dfdf0 424768 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_arm64.deb 06e03c0ede4bd49ef0f09b1acba47d2278566a71dcc5b8647f20fd4b96e319d6 432936 libcurl4-nss-dev_7.74.0-1.3+deb11u8_arm64.deb ab622709303a7efed67e9761ed9eb41791ed26c078ecd0eace479bab558296f2 427868 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_arm64.deb 93c216158c812d05dc91902eeaa36c9a2f5b35e9bf85f10a7ac710a93a1ebfa2 325424 libcurl4_7.74.0-1.3+deb11u8_arm64.deb Files: 9d7c5b2c5047e89b85a1bb9cdc51dc58 143572 debug optional curl-dbgsym_7.74.0-1.3+deb11u8_arm64.deb 708452343c0a71e013d1e4122e8410d5 12421 web optional curl_7.74.0-1.3+deb11u8_arm64-buildd.buildinfo 994dc0f90459825934d2ea59ac89d9d1 264824 web optional curl_7.74.0-1.3+deb11u8_arm64.deb eaa241bf3dd3aabfbcfc3f2255fb6544 822688 debug optional libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_arm64.deb 0eadb975ba9a307b140c454042a5356b 321636 libs optional libcurl3-gnutls_7.74.0-1.3+deb11u8_arm64.deb d81b0f3c38424d88428aa678ff044671 864088 debug optional libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_arm64.deb d4ad208fc227f185e74ebf1fb8f2cafd 330644 libs optional libcurl3-nss_7.74.0-1.3+deb11u8_arm64.deb f2be1d8c32bf0bace77fa5c8342fcfb4 840504 debug optional libcurl4-dbgsym_7.74.0-1.3+deb11u8_arm64.deb 9fcf147121867a9f3b7496596a729753 424768 libdevel optional libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_arm64.deb 578fd732cf888a369d102236b87e02e8 432936 libdevel optional libcurl4-nss-dev_7.74.0-1.3+deb11u8_arm64.deb 956104676f8a6589b5a9975c5567c5fd 427868 libdevel optional libcurl4-openssl-dev_7.74.0-1.3+deb11u8_arm64.deb 603b01eeba1fe1d286c0981fb81f19a0 325424 libs optional libcurl4_7.74.0-1.3+deb11u8_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEV2QMHg/7F9BmqsxiZLztDiV8cXAFAmSeT2EACgkQZLztDiV8 cXBsIg//VNjg6E/tM2xtUB08m8yMUtYuieoOj2am3BABF5LjlVm3MSvOsHktc+3R L/vreXZRbTQf4gDgsG8acvKey7Ic7TPrUDl7s1/KK5F0HR+YE+VC21t9j5Dt3JOV f6Wm2tezussrAqQRf4lz3deT+ZvmD1RWweD2bJbnWe31Rf6SFm6zKhj7n5EiqxP1 Z/RBHEtTJq+n5fhMNpH8SqDz+KRnrtsyEU1SiBIii0u+Iv2qpdmYBSBnkno3Jfgg xDJC6ih7YwT0N2Ixvs3XUPF30c07hcZGJClMGTAZE4l/AyhvpCDCUppet+zpdL1t WfbxsCEAfOSN9Rkc451gjBU1lze1rGCMY9BsYrsIY7asDOjpMIHJVAUfj8gOrU5n tt5l+3r7+YRNbDCb4KuFsAI3tyYiak9qZgWiGPEnAEjUF4McJmsvu7YrUVoP5fAg Gzar8bx+pVf+q3tl1fAq0bY7gh2YqJ/AvvLVnp4BUtmGPa296/heHOK51RmjxCdO styys2j3Nu8dJWGyb8AJw+5lmoEKO9rEExTQ8v6rR9Ncwe2QaGucnNp/sLy+A4Va mrfYBii965WNe66wh8Gy5TjviXbZKrS3Ef6ZiIuQqw8uyK7MCRFU9cflQC/NdoFn Tz+HtdWdGDCQsugMsa4cvzameEUzTQM+8eFt7CiRozbYdazo3pQ= =JNEE -----END PGP SIGNATURE-----