-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 02 Apr 2023 20:34:17 +0100 Source: curl Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: armel Version: 7.74.0-1.3+deb11u8 Distribution: bullseye Urgency: medium Maintainer: arm Build Daemon (arm-ubc-06) Changed-By: Samuel Henrique Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.74.0-1.3+deb11u8) bullseye; urgency=medium . * Backport upstream patches to fix 5 CVEs: - CVE-2023-27533: TELNET option IAC injection - CVE-2023-27534: SFTP path ~ resolving discrepancy - CVE-2023-27535: FTP too eager connection reuse - CVE-2023-27536: GSS delegation too eager connection re-use - CVE-2023-27538: SSH connection too eager reuse still * d/p/add_Curl_timestrcmp.patch: New patch to backport Curl_timestrcmp(), required for CVE-2023-27535. Checksums-Sha1: e3be9bc0f1242a959c8cc9b7ebfbfa9b68b02bc1 140176 curl-dbgsym_7.74.0-1.3+deb11u8_armel.deb 4d9b01396325bf6591a59ae32e813a633ed4f021 12350 curl_7.74.0-1.3+deb11u8_armel-buildd.buildinfo 9476a748fa027de0d3e4ffb8854085b57bd51999 261752 curl_7.74.0-1.3+deb11u8_armel.deb 293893d1f8d9f671c3a9f7307c6e0c526a55e1b5 792744 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_armel.deb 9f907090f0a1382488f434aae539c9d265099249 306780 libcurl3-gnutls_7.74.0-1.3+deb11u8_armel.deb 7bbce530da2b5a3fd1efbcacbb41a2ab076e757f 836368 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_armel.deb 97ea87d9186289e918e3836e3733c12a245c7d90 311904 libcurl3-nss_7.74.0-1.3+deb11u8_armel.deb 66b848bedab4bfc9b8ee2a4f1d0c6e97e4d9f8c6 811612 libcurl4-dbgsym_7.74.0-1.3+deb11u8_armel.deb 657e2343efefe63717fe024855a05fc0740285e0 402892 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_armel.deb 1f137e22021e8cb79c580c51217915b4f0056607 410672 libcurl4-nss-dev_7.74.0-1.3+deb11u8_armel.deb dcf946dad67c430e80146bb3cc70903ccc0d6b4f 405936 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_armel.deb 68ac1efedf27695965bcc58a86826c663dbba52a 309808 libcurl4_7.74.0-1.3+deb11u8_armel.deb Checksums-Sha256: 0bf73e29930a119450a1f178117c337198145322fe3ceb9f3a7fc7d5aeb13bd5 140176 curl-dbgsym_7.74.0-1.3+deb11u8_armel.deb f1b20ae040a1c48b8c1ab5c5b22e87f1d3ea4a2940be1f604bc1c85e1ce617dd 12350 curl_7.74.0-1.3+deb11u8_armel-buildd.buildinfo 3c0c741e232061650aea2456cf0bc7a2c18b7f78c081c01eaff2c68cc366b87b 261752 curl_7.74.0-1.3+deb11u8_armel.deb b4f36d8c74b7618689c94bc5c7669c269d5377c1a8ba8eb3843be24fddb61c8e 792744 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_armel.deb ce69665706e3586287f5f5b091c829bab546e18247a559e9f028c11425951bce 306780 libcurl3-gnutls_7.74.0-1.3+deb11u8_armel.deb 88753f9632c79909707e693107a98569ea4f31a88979bfc6c60a2478a6d6e286 836368 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_armel.deb f582d7bfe49d7c06f4a17d00571b06485c89ad1273709faf42ced8ba4f80afda 311904 libcurl3-nss_7.74.0-1.3+deb11u8_armel.deb 54f7c0ec85c5817c7a3b71fcdbc60dcd5f8e24360d051d77a625a7e3008a8691 811612 libcurl4-dbgsym_7.74.0-1.3+deb11u8_armel.deb 56298ba2b73c0b8a66e7e4df2c8cbb1173011e0f24f2966e280bf9faf6c9e852 402892 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_armel.deb 16e62e8d7bd2a35eeb30df933603aeaae8bcfc1e815b9975604fe06b6b684a3b 410672 libcurl4-nss-dev_7.74.0-1.3+deb11u8_armel.deb 58d0dcac2033aea6cb3342e03eb2b91a7a210c74deb2b6827130a7de07c60ce9 405936 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_armel.deb 04abf4e9515d560a85f3a9fef0cfca049ab41813c907b66909fc9aa976470742 309808 libcurl4_7.74.0-1.3+deb11u8_armel.deb Files: f4a4cdbf2dc9db6bc12d603620f68019 140176 debug optional curl-dbgsym_7.74.0-1.3+deb11u8_armel.deb 7c1ae4dccc702d562bf24ee38e54c75a 12350 web optional curl_7.74.0-1.3+deb11u8_armel-buildd.buildinfo 5a8d06fd766f6327de4a4ffa05b8b998 261752 web optional curl_7.74.0-1.3+deb11u8_armel.deb 3beefe94718da82c88c132628a9fb4d2 792744 debug optional libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_armel.deb d88a0ed13205ea940d02a373939df56f 306780 libs optional libcurl3-gnutls_7.74.0-1.3+deb11u8_armel.deb faf587cdb824434c2f6803eeefc2228d 836368 debug optional libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_armel.deb 1d547c484d88961aac903c76cacdf114 311904 libs optional libcurl3-nss_7.74.0-1.3+deb11u8_armel.deb c9378de5183e579d01250f08f6be89dd 811612 debug optional libcurl4-dbgsym_7.74.0-1.3+deb11u8_armel.deb b5406d57ce2b629e9482a38dc0652830 402892 libdevel optional libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_armel.deb 6a49c80813792d52fdce21494d23f227 410672 libdevel optional libcurl4-nss-dev_7.74.0-1.3+deb11u8_armel.deb 5a2fa15bec45c19b24a55f4984740a72 405936 libdevel optional libcurl4-openssl-dev_7.74.0-1.3+deb11u8_armel.deb 79db8671c5a171cbb1cb23408a1d3567 309808 libs optional libcurl4_7.74.0-1.3+deb11u8_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEdkvJoTVAIZVYaO9cyYck2apzqqMFAmSeUMEACgkQyYck2apz qqM+qw/+PJRS+V9XP8YXbFpzdoQ65OExhh7QlTfEFLgwccTgPr0zq4nIJY1lgdUD y9Ep9yZzLHV1XPJ/g32+RtRT+VGZZrHi2HyOZsHDvIN+R4OfluwbWiI/Lc6aV436 jbTqK6HpatlnNH0z40v/KV+JI8xGjAhx5Ab+EMRUrKdNKcozo1LZKjBn9v1qNvGw /FvuF9LN+lgZ4dGReAj3FhNZdnJyJnk6Uf/grRO5WEP2HohKgGN85tYUJgVA1csH ZCSnuxCgmtgPX8Zz8uEXSYkvxoOIDo52ZLfAY002vn5rlS0r7vmOdKGsany+8cVM /1srLa/EA3vd7382JECEhO1N4R9m+tAiBYbvOjRxalWOghYgKE4rnX5Qy2Uh25+b XB8/C/hg1OSoMuI47TUyWfSAHFEjkNuZsXUk72rLmB000tSDeuZ+UpQ4KGlTInM9 VmDknSUQL3caWJCMxePSaUSMDi8eoUfLAHuRO4q43+L4ot8fxBpOPeHK/jlss+DU 3ieUf7RYxTRP0ypk8jvk0rh6ZNvIGbb4CuMsHtmJgKxNrbQHTd7caHF2RHCK5lbp Llpp0W6ej4vgSI90CkqdgKLlqeB6H2PfzgyuI0W/8LoArHoQ41Qdl/JCWupIsGB6 +F3WSGp5ZKrgWxwgLYG6CepnQqD5uUgEY51nOPap5prENF6aLcY= =UDW8 -----END PGP SIGNATURE-----