-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 02 Apr 2023 20:34:17 +0100 Source: curl Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: armhf Version: 7.74.0-1.3+deb11u8 Distribution: bullseye Urgency: medium Maintainer: arm Build Daemon (arm-arm-01) Changed-By: Samuel Henrique Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.74.0-1.3+deb11u8) bullseye; urgency=medium . * Backport upstream patches to fix 5 CVEs: - CVE-2023-27533: TELNET option IAC injection - CVE-2023-27534: SFTP path ~ resolving discrepancy - CVE-2023-27535: FTP too eager connection reuse - CVE-2023-27536: GSS delegation too eager connection re-use - CVE-2023-27538: SSH connection too eager reuse still * d/p/add_Curl_timestrcmp.patch: New patch to backport Curl_timestrcmp(), required for CVE-2023-27535. Checksums-Sha1: e42f1508143028093904c0c12c0f1b3b2ef21428 141524 curl-dbgsym_7.74.0-1.3+deb11u8_armhf.deb d4c4aee5aa5c0274979b43feb8605d2f50986dc7 12352 curl_7.74.0-1.3+deb11u8_armhf-buildd.buildinfo 37e47c57c3d3ab6bf7e4b20d3f3a0194906705b4 261700 curl_7.74.0-1.3+deb11u8_armhf.deb 5797610c02a0a549bc9968b15dd0a2a9781b4044 808936 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_armhf.deb a08e459e2bee7313b9910ea89909f5c07ce91a06 310420 libcurl3-gnutls_7.74.0-1.3+deb11u8_armhf.deb 6a65bd40155d812e903f27165e747dc0965928fc 852080 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_armhf.deb b837625bff084b95d5125e0165d2d8b1caf146e2 316876 libcurl3-nss_7.74.0-1.3+deb11u8_armhf.deb 8092e1737e6821ea0f096ee9e189cb7e4b778a89 828856 libcurl4-dbgsym_7.74.0-1.3+deb11u8_armhf.deb 9c8fd7a1e7b5d4317ffad8e0c316164107d1bbaa 407172 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_armhf.deb 48ebcc3f61f97513d7b721084839bdcb3cff5571 414708 libcurl4-nss-dev_7.74.0-1.3+deb11u8_armhf.deb 784f01db25d052767f7486109fa50efccc30c402 410084 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_armhf.deb b6e9000842928717a4ed51cf0cdecc1b881c3833 313560 libcurl4_7.74.0-1.3+deb11u8_armhf.deb Checksums-Sha256: 7fc6053019edf42fa466ea5b9fc742f45f57d6260639aa5065234817def82460 141524 curl-dbgsym_7.74.0-1.3+deb11u8_armhf.deb 5d713e2daa200e54fdfe33eb9e53d6ebfd558f35f421fe389c98a8b8211cddd4 12352 curl_7.74.0-1.3+deb11u8_armhf-buildd.buildinfo 03bdf52311fb53910014ad6702a429e05310f4b5bf17bbab8e7af7fb7a87e8a0 261700 curl_7.74.0-1.3+deb11u8_armhf.deb 6eaf339bf537d59ae4b1fe66f1db24f38f8d15da8738258cc14417c9de069e3f 808936 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_armhf.deb afe45244d681b7cbb68038f8e641f04141b3d053bce458faa3772f7f05e69af3 310420 libcurl3-gnutls_7.74.0-1.3+deb11u8_armhf.deb f0ddd5006b4d0098030ad4b619ddd50adf67a9d136c54dd948029100b0c52242 852080 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_armhf.deb dab9c6fc08e0baa493b174cb9536338821451113544975030e863ce3ca32cd37 316876 libcurl3-nss_7.74.0-1.3+deb11u8_armhf.deb f5d7a922244b908f44e0984cdd93161044e73e1c26b11724c143d12d920e4c8e 828856 libcurl4-dbgsym_7.74.0-1.3+deb11u8_armhf.deb f71a2a7a7cf31f8d946c2484aefd7815debb8270827bf2c09a6f1298c33aefa9 407172 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_armhf.deb d868a6dc0d27951eb41dda43469e4e2eb083abb90a93eeddf89800edd476a0e0 414708 libcurl4-nss-dev_7.74.0-1.3+deb11u8_armhf.deb 4722d33257718a4810f9b9c8ecf96f93be528f2b91ca9d84b4a97aa4175a3bfe 410084 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_armhf.deb f7b64b5ac7828b9c249ce7f2047243ac825276362589f54f24d76b0282a842bf 313560 libcurl4_7.74.0-1.3+deb11u8_armhf.deb Files: ffa5601585504d3af31de5a40a0ffa3f 141524 debug optional curl-dbgsym_7.74.0-1.3+deb11u8_armhf.deb a73067b108a99240eb2fab93905e34a9 12352 web optional curl_7.74.0-1.3+deb11u8_armhf-buildd.buildinfo 3b21eeca70c1af755b215e16662fc0cb 261700 web optional curl_7.74.0-1.3+deb11u8_armhf.deb fac840a972493dc85597f04b2240f047 808936 debug optional libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_armhf.deb 4fdac584551e8704ce69b1a349ca520e 310420 libs optional libcurl3-gnutls_7.74.0-1.3+deb11u8_armhf.deb b9161da0499b4a63ae1e3d91bec8007d 852080 debug optional libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_armhf.deb 3b5f8d8957c2a8050b0449c719d4fb54 316876 libs optional libcurl3-nss_7.74.0-1.3+deb11u8_armhf.deb c372676bb9f2dd6255ab113da392548f 828856 debug optional libcurl4-dbgsym_7.74.0-1.3+deb11u8_armhf.deb ab701fa65c1ccb69870a36e7dc847402 407172 libdevel optional libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_armhf.deb 17bff41653b1579e69d2d23209837cc3 414708 libdevel optional libcurl4-nss-dev_7.74.0-1.3+deb11u8_armhf.deb 8c31d8186e2e75cad9eda3b2c8bf25ef 410084 libdevel optional libcurl4-openssl-dev_7.74.0-1.3+deb11u8_armhf.deb a7034d8a5785d7fedeafd464fe633ae8 313560 libs optional libcurl4_7.74.0-1.3+deb11u8_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4Prg5L5o4koxD5sKbi61NfD5HDwFAmSeSwsACgkQbi61NfD5 HDxbxg//aaOvebDZsCaA1H4TbY+7C1nr98ZZd8ULVbrm+8jKHAncVL8axA/Eh/uq vrlFbowmck/A6pbxI7xxPdx7ufkYt7JdN8140Qn/5gkG0E987dWtlVi2MHorIpiK j+RvdYdoWx+T6RNQ0zMmDYqC2tR5DJtCkQuRBu4y86trJ7YarqEF2wh2y0IYNcz9 XxtQ2BJ79zSID2fMEJlmycerrWnaU+FdgST+jEOdi86/FtJbR1mGk+mxEzyBprNS 2eVjJpBfwB82B0Z3A91csdkPLyt1nNpbWXHj3dEEhpXeYrS2niU8+aNL+W6dM1W6 R0o3WQKN3WiWWu0bpGokVIt31KJ2ddXPX97mDbh5C2TdIoZ6SE3I8EEjNYTxFw/L vFKtHt4/a9GrXvUfj9ZzOAXgZgV36HeRdC3A1iXJctL/x9mWGvXQ1WEJOBmvjYns g59mtq7U3uN68826YLP+14aaOr4/+RpyY4IjiwwX0SSdteNulzDNyHmPEX8gy+uI 9KnYnFk8qrmm5E5kassJSHets8xwcgsE1GgoiBvVpL8kbjeH9Buze7fRCXSidAvx WLusKzyNPxaaqhPT+sTivCRpIJu3jayw4pqCY1QYpdt7hNFmpFz+MLfkWr4sHW0a IltnTB0VhW5zLRCMX9Lsw7XyNAeScR+yMROVP8Q1Hruw56TElzc= =/O9w -----END PGP SIGNATURE-----