-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 02 Apr 2023 20:34:17 +0100 Source: curl Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: ppc64el Version: 7.74.0-1.3+deb11u8 Distribution: bullseye Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) Changed-By: Samuel Henrique Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.74.0-1.3+deb11u8) bullseye; urgency=medium . * Backport upstream patches to fix 5 CVEs: - CVE-2023-27533: TELNET option IAC injection - CVE-2023-27534: SFTP path ~ resolving discrepancy - CVE-2023-27535: FTP too eager connection reuse - CVE-2023-27536: GSS delegation too eager connection re-use - CVE-2023-27538: SSH connection too eager reuse still * d/p/add_Curl_timestrcmp.patch: New patch to backport Curl_timestrcmp(), required for CVE-2023-27535. Checksums-Sha1: fc307296ce53ebcc242d734074a941b33a912a54 147432 curl-dbgsym_7.74.0-1.3+deb11u8_ppc64el.deb e5d2d8fe0b9537b47d69aca8a93cb4d900ca8ceb 12523 curl_7.74.0-1.3+deb11u8_ppc64el-buildd.buildinfo e8404e2b69905396474657513529c2c85534b2f0 271440 curl_7.74.0-1.3+deb11u8_ppc64el.deb fe30c285d72ff3536ec0e54add6c1654f60b2c4f 846080 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_ppc64el.deb 9db9372b647753b68a98bde9cf9c1083210aa85a 358660 libcurl3-gnutls_7.74.0-1.3+deb11u8_ppc64el.deb 70843229441f24d758ebd99b179fefbdaa82cc39 887232 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_ppc64el.deb 6cb0db30072715a7ab66dff49e8190ba0db3185e 367388 libcurl3-nss_7.74.0-1.3+deb11u8_ppc64el.deb c2241fcd15d8042e4effed3d324e75d4358efb97 863576 libcurl4-dbgsym_7.74.0-1.3+deb11u8_ppc64el.deb 1b0588ca836e53ee2c062b13874ddbea2ef55d8f 462312 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_ppc64el.deb 48c5f88e26b72fa8a1e0ef7b13a33fde6fe2660a 471456 libcurl4-nss-dev_7.74.0-1.3+deb11u8_ppc64el.deb 44d5135828c651ce05915dd973b23e712b4bc3fb 464464 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_ppc64el.deb b55102c7d1323a950f5e1bb93de4ae4d26fcc18b 361624 libcurl4_7.74.0-1.3+deb11u8_ppc64el.deb Checksums-Sha256: e978d68b30497ad47d5cea25fdba9ac547cdf02c24af76bb5b850a91bdb852f3 147432 curl-dbgsym_7.74.0-1.3+deb11u8_ppc64el.deb 00a4281bd1099cb055ce6867a4949a83a85915ad632671ed7a6c65d6f9eb47a7 12523 curl_7.74.0-1.3+deb11u8_ppc64el-buildd.buildinfo e97be0674163a6963a22fc24dbc55c18b5883205b128f39aafd2cf5043b25e35 271440 curl_7.74.0-1.3+deb11u8_ppc64el.deb b481a26ab1d9e9c6c41b73961a49d62f050bc4e08fe4b93a7d4584bcb52205b9 846080 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_ppc64el.deb 89c97ce14f1084bbc27c0e67324466880adbe8a73e4d8cb02536901618315e1e 358660 libcurl3-gnutls_7.74.0-1.3+deb11u8_ppc64el.deb 62d23efc6659ac694fc7d04f70d6741b433635b6a72e6302b04c8af7b7abad5f 887232 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_ppc64el.deb 796e1efe275467f586e18f514932893ad6c113e42783204638f6e1542daf5d15 367388 libcurl3-nss_7.74.0-1.3+deb11u8_ppc64el.deb c0c1a3ffb244abb159084d261b5df2207f79005b6f126c459c96e281ea60ea44 863576 libcurl4-dbgsym_7.74.0-1.3+deb11u8_ppc64el.deb 47df7e998f2dfd4d6aafa4e04539a994122b64fc981ea21f4ab061b78afa0d2c 462312 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_ppc64el.deb be2f829f16d8fc801c8d508da174115f74a533c6de87683786f93c97c58f7cec 471456 libcurl4-nss-dev_7.74.0-1.3+deb11u8_ppc64el.deb 27656431e3e440d4dbe2fc95e8b32ce6ae1df87746a8113d9c57400c9f12766a 464464 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_ppc64el.deb e7a9f66077333aa25503de400c358796d57f106b21a884dfc626eed51e354308 361624 libcurl4_7.74.0-1.3+deb11u8_ppc64el.deb Files: 76885aa230a8f4f7d0a5cc822555aedd 147432 debug optional curl-dbgsym_7.74.0-1.3+deb11u8_ppc64el.deb 0c67d15bbd6fb188f345954b6eca3fc9 12523 web optional curl_7.74.0-1.3+deb11u8_ppc64el-buildd.buildinfo 76401250af3f6c096439696377fd815d 271440 web optional curl_7.74.0-1.3+deb11u8_ppc64el.deb c5203e5bf002f0809091a5b6da994941 846080 debug optional libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_ppc64el.deb 319b377fa40c42f37eaad0e2a4503916 358660 libs optional libcurl3-gnutls_7.74.0-1.3+deb11u8_ppc64el.deb 687ff5449592c0abd83431e9b38cf475 887232 debug optional libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_ppc64el.deb 44b9ebb31a8551d4c3a32a6e20721e42 367388 libs optional libcurl3-nss_7.74.0-1.3+deb11u8_ppc64el.deb 5bf182d1d8ad81bb60a612db13e42771 863576 debug optional libcurl4-dbgsym_7.74.0-1.3+deb11u8_ppc64el.deb a79ff7f588475979bbcf6e42c15db579 462312 libdevel optional libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_ppc64el.deb 37d36a1519d46215fc23fe6a81e00acf 471456 libdevel optional libcurl4-nss-dev_7.74.0-1.3+deb11u8_ppc64el.deb ce9d48c7179466dc7928e077f2d5f3fa 464464 libdevel optional libcurl4-openssl-dev_7.74.0-1.3+deb11u8_ppc64el.deb 6fb4dca14c698f614499ec78d07b1702 361624 libs optional libcurl4_7.74.0-1.3+deb11u8_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5hbnFkJlczvLwwS0Y7DdE4sWZ/UFAmSeSUMACgkQY7DdE4sW Z/V1Jg//Qh8fquFn5QhFrJzsj1FNDD+3gg3ey8EwSMEVXVO9G4lOJdZidcVPBr+C 3Ale2CqZa+c0kHqU4UBhKOd6irkynMpfWf4m2wqQvVSPSIMWwIknNQnyFvHibhEG qBUvw3kLyZewYqr33HbClxVJOIj+nwpHgNzVHX57Lix0n68fDl60KFjYz7JzY5HK 0JAyVZlA3hoVPXx6RngdBx2tmIE+IVDCGUV8To+phoDotromAhpqXNpTFV3d3R2y LSjjSavB5twZJs70ItKDO3RYrsFNeHynf9dloj3fJbykISHpeqk9pBtBPBuzka2J kWJXeah7e2V9rZ/DB9B8VNb+S9Yh762XctNUE30/e5JG6VqIl3gGXkzm+2lpdwoC VKXvFKK7XUoEtTwL6hJfyYd3uowgyDCmv/yJdMo/rsINLLpFx5d/g+87Z2vzaLpK zIaKaqnbXqeN8QUiTqqTUdmpkht34q+NTehmdcGy1gOBGW9vqwLmn0LUEShfA66j n7GBBoM8mbw/MQSpXf4K1oELkdoNafQW4Hey48PSZG+NHTT/+JYOIhd0kSIOIDDJ sLxxw1ecNS7MiEBExmVabvckI8j3VRprG1Dfnhdy9nRJLSzrAevNIdD1tIj6/Q58 g0Ko1IZFPsfa9mWER0l50cnlVIKEFQQWwLmUd/c8je71U50q4QU= =uHO0 -----END PGP SIGNATURE-----