-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 02 Apr 2023 20:34:17 +0100 Source: curl Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: i386 Version: 7.74.0-1.3+deb11u8 Distribution: bullseye Urgency: medium Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Samuel Henrique Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.74.0-1.3+deb11u8) bullseye; urgency=medium . * Backport upstream patches to fix 5 CVEs: - CVE-2023-27533: TELNET option IAC injection - CVE-2023-27534: SFTP path ~ resolving discrepancy - CVE-2023-27535: FTP too eager connection reuse - CVE-2023-27536: GSS delegation too eager connection re-use - CVE-2023-27538: SSH connection too eager reuse still * d/p/add_Curl_timestrcmp.patch: New patch to backport Curl_timestrcmp(), required for CVE-2023-27535. Checksums-Sha1: 99874d65923cd94ecfd03100aae8c926ce5e7a8a 128664 curl-dbgsym_7.74.0-1.3+deb11u8_i386.deb d1e666ab1256daf5081a3f6584ed54fe6edac625 12379 curl_7.74.0-1.3+deb11u8_i386-buildd.buildinfo 12f4cc1eea235b37274dbc8cd6deeea76b1c0acc 274512 curl_7.74.0-1.3+deb11u8_i386.deb d4d0a7c0ad4dfb381309c82ddbb8e604d464b85b 739000 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_i386.deb 4ca2197d3031ee9f569481afe5340fe26f3c988e 373204 libcurl3-gnutls_7.74.0-1.3+deb11u8_i386.deb 02da8281ba3072447cb3348bab57c662212e1a0a 778224 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_i386.deb e8eee3d1548cfb6019232ccd0f6fc27d7b2d705b 379600 libcurl3-nss_7.74.0-1.3+deb11u8_i386.deb 307d5fba4634404bb7b9722ed09cd2be1d2f922b 753216 libcurl4-dbgsym_7.74.0-1.3+deb11u8_i386.deb 0dad9a4b8fcaa212cc1b1eeb2431755aba3be483 477400 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_i386.deb 918e456cafc32420cd3571614b65ac44e1c8b75b 484884 libcurl4-nss-dev_7.74.0-1.3+deb11u8_i386.deb 445b71c98a5bfdf34b70cfdef265cd67f1f173a0 481516 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_i386.deb 63c1c6ef4cbf0dc70ec0c60b8b7c32c8f36471cd 376984 libcurl4_7.74.0-1.3+deb11u8_i386.deb Checksums-Sha256: e028b7d099e257957415b32d20054957b2e8ac48f70f2594b0b7704c2ba49d88 128664 curl-dbgsym_7.74.0-1.3+deb11u8_i386.deb a99f2721163ba1d4b9bd20c6353b72cd54570bdb39eb8de14616792eb52136c4 12379 curl_7.74.0-1.3+deb11u8_i386-buildd.buildinfo a9a6947dae3120bdc72cb5bee6148776cfa227035011486ec9ec7ed2c2b5d00a 274512 curl_7.74.0-1.3+deb11u8_i386.deb cc04d654fd049db01dc9e1411b2027ba667164f881395880d4f0cf33b3b46c03 739000 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_i386.deb 22eed97021939ba2413f7abc7842c91e299245db0b6c490b468ca3edf4c97f21 373204 libcurl3-gnutls_7.74.0-1.3+deb11u8_i386.deb b9cadfe31cea03c7026995b5d68b4769592dbef25bc64087a10139b549762df4 778224 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_i386.deb 6cdf9f86c404722638113f0f37992c9af2603d41f1bdd223939fc510991c908d 379600 libcurl3-nss_7.74.0-1.3+deb11u8_i386.deb c06af297939e115eeb3d3c442485359017068e99a987ecc2693ae62ab9b6a3ce 753216 libcurl4-dbgsym_7.74.0-1.3+deb11u8_i386.deb aa4704ef03751bdcaa695ed2c3dd52b56531dea3f6a65c528d2bc3e8d33fb8f3 477400 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_i386.deb 7895b3923c3731a5aa0e485227c248c06166183400b29a0678d3510bd031030c 484884 libcurl4-nss-dev_7.74.0-1.3+deb11u8_i386.deb 6c112e741d5970415b4c83bd50251b064dddb64f8bfa3f9d9bd3818f59892909 481516 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_i386.deb ea2821436c4a43403832565b56db047dbab92d73bcbc5f210a4ec93dbb36bf7a 376984 libcurl4_7.74.0-1.3+deb11u8_i386.deb Files: 9a3712e63c145bffe71943c39037ca32 128664 debug optional curl-dbgsym_7.74.0-1.3+deb11u8_i386.deb 2d43386dd69be489d95f11e5749e619f 12379 web optional curl_7.74.0-1.3+deb11u8_i386-buildd.buildinfo 2c9dc1859a820499c6cddd448b83d62a 274512 web optional curl_7.74.0-1.3+deb11u8_i386.deb 8857acb678b6923370ab36b9e4bbe75e 739000 debug optional libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_i386.deb 7b891de0f0da3ddb493218c80ed9aab0 373204 libs optional libcurl3-gnutls_7.74.0-1.3+deb11u8_i386.deb 11d2fddde51d2af54cbf01caca388753 778224 debug optional libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_i386.deb 7736f6627b95d63da81c0da35656951f 379600 libs optional libcurl3-nss_7.74.0-1.3+deb11u8_i386.deb 9cf3f6ca8fe454602e24193d9e4a02a0 753216 debug optional libcurl4-dbgsym_7.74.0-1.3+deb11u8_i386.deb a2e09fddad4515908e87da19ee51523e 477400 libdevel optional libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_i386.deb b589264197348783911c06ff3e503eb2 484884 libdevel optional libcurl4-nss-dev_7.74.0-1.3+deb11u8_i386.deb d904a75d2494a4aa6ceebbf28b7681ae 481516 libdevel optional libcurl4-openssl-dev_7.74.0-1.3+deb11u8_i386.deb 74ed3245a28e999c812dd022d17407ea 376984 libs optional libcurl4_7.74.0-1.3+deb11u8_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7bJOCbihllHz5a8G6bGbnoZY/NwFAmSeSfUACgkQ6bGbnoZY /Ny9aw//RePHsMvaIfQ7TeyKwQ/Eo/Dn6GigvYcysSEAJBcONeBmqE4NcZBYMc0f IJVha+BFhQxhO2c3NghWTDoGxApmIXsmN5d+vY4TFMLEXHKlLMzraPrIpm5H8gZH gQ5RHtCUzHtNIqfW++ypnHcE84/KD/vAM2kg4bWikDIXHTsqjvsV5jpzVNvYGGkW I69cwjXKxHhBqv9wFpkdrgQkmeIHgxsvkILwSl5b6x23g2S+uCrz30ycytsGYrTL osF0/81jDebDBpjxReW1dGtQN2BwLrY01v/lLIYqtexflEHqeI2s+twsZKV7ec3P xpACpfIX+3hzet8hrcAvMtcNZ965uDv86KbMegczu/YnsBoXYXryfpb2nBXLa0P8 me/9TFrYD7CumCFS9wY2Fe0QvgN51HiPfBOg2omWMPcrr0km1OLlGMzf560v4m6q FbT4Rlr0+NSCSQkDKhH1S893irTdV8Lkfc3S7QpGJjlHYPJjJnH7WGGaWaLviepv zbfd2Vh3VYXbzxF50vEXik3iPLTORJstIrP5Nlrew2pYvl5wPbvq5tT3JbKnP+tf I+CS2Fd+LsK9gFHC1A6h1xtb99wpsDJ9TLkHdR3Hujl1/wVNQlS17V1at4+1AnqC sfVgbn9v2ttaHeMVgT0p/tQhw71rMZZTphbMoHW3DoDTjSwOLn8= =UEp9 -----END PGP SIGNATURE-----