-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 02 Apr 2023 20:34:17 +0100 Source: curl Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: s390x Version: 7.74.0-1.3+deb11u8 Distribution: bullseye Urgency: medium Maintainer: s390x Build Daemon (zandonai) Changed-By: Samuel Henrique Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.74.0-1.3+deb11u8) bullseye; urgency=medium . * Backport upstream patches to fix 5 CVEs: - CVE-2023-27533: TELNET option IAC injection - CVE-2023-27534: SFTP path ~ resolving discrepancy - CVE-2023-27535: FTP too eager connection reuse - CVE-2023-27536: GSS delegation too eager connection re-use - CVE-2023-27538: SSH connection too eager reuse still * d/p/add_Curl_timestrcmp.patch: New patch to backport Curl_timestrcmp(), required for CVE-2023-27535. Checksums-Sha1: 1193d775b9379f6aba2059ed9c0b3434b32eac72 147008 curl-dbgsym_7.74.0-1.3+deb11u8_s390x.deb 8e65b25aed43fe7c125b9d355256eab023065c3f 12371 curl_7.74.0-1.3+deb11u8_s390x-buildd.buildinfo 7a1d44cf7d67b97b86d21096452e8acf65d80d34 265032 curl_7.74.0-1.3+deb11u8_s390x.deb 03f41775b586482523c3f0877a01044bcc4ff732 842480 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_s390x.deb ed6076d5b52bb4f0815e28c1a05da8189f751334 320228 libcurl3-gnutls_7.74.0-1.3+deb11u8_s390x.deb 322787966deaf6af24892299e351cc05db42553f 885404 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_s390x.deb d625f836e662413f0d9bf5f1ec04034ebfaa6fd0 328436 libcurl3-nss_7.74.0-1.3+deb11u8_s390x.deb 3e459f1faa561ea36a42d5bdd1ee63496c7c6b08 860284 libcurl4-dbgsym_7.74.0-1.3+deb11u8_s390x.deb c3cea87f03d0e64327f098765f76d818aa9acbe5 417116 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_s390x.deb d0a1fb4ca2a5179def9d530c3a9d6d5f48fead4c 424996 libcurl4-nss-dev_7.74.0-1.3+deb11u8_s390x.deb 5659a737875e556f16818c34f7c8c0d4614cf46d 420112 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_s390x.deb 44a5fbc6f0b5c9d33612cdb4e7703bd4163a437a 323768 libcurl4_7.74.0-1.3+deb11u8_s390x.deb Checksums-Sha256: 13b1b572dccf620e5b4729b4c5096e46c11788fa3951754c795a60adbe228bc9 147008 curl-dbgsym_7.74.0-1.3+deb11u8_s390x.deb d9e4d10f2dc2aef42ad8dcb099c154ea164d352b377cc32f849db2aa127adff5 12371 curl_7.74.0-1.3+deb11u8_s390x-buildd.buildinfo 1dc4d899cb1b4110358dcf2ba3ecdd341d4123f4c10f0ff03b7f94c5ae85b458 265032 curl_7.74.0-1.3+deb11u8_s390x.deb eb1ea17dbb8503d6e7bc453a9243ee9471965d360bf1598d8ada26e4a4fb9b81 842480 libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_s390x.deb fbc8329582372a731bcb0a0a4100cf1223ed575eb38dee68830c1bc951577d7a 320228 libcurl3-gnutls_7.74.0-1.3+deb11u8_s390x.deb b6faf7a279f7f91c8623ba136c3561c53e1cab81c54ece66654bcf242533a2a4 885404 libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_s390x.deb 981611957d0490d12bb76b452d492b12cad8aaccb5b6066c610e1b23f5c1b5fc 328436 libcurl3-nss_7.74.0-1.3+deb11u8_s390x.deb fb77e27ab5f46638978ff710871e5d2bc6097ea2ff9cae7019742d4739904b01 860284 libcurl4-dbgsym_7.74.0-1.3+deb11u8_s390x.deb ddfe440efdb91324dee7d822c28177bd2724d0da770c0338e32611bc7ae19055 417116 libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_s390x.deb ed64232713af505e792aeffd2f22ecf4ff5483be7f608d0964c3fc04d426a5bc 424996 libcurl4-nss-dev_7.74.0-1.3+deb11u8_s390x.deb 4a022c4578d5f49d1a77db8e36aa2bbfc1b62c8c729ad574375bb9703cb9ac9e 420112 libcurl4-openssl-dev_7.74.0-1.3+deb11u8_s390x.deb e74f814dd6699494534ee046df23c417e3e272fb931582587d6682936ac1f498 323768 libcurl4_7.74.0-1.3+deb11u8_s390x.deb Files: eff1d6163c31c3dd9ace5ef47f553e56 147008 debug optional curl-dbgsym_7.74.0-1.3+deb11u8_s390x.deb a8f2c063838025cc85a4f3b2faa58c6d 12371 web optional curl_7.74.0-1.3+deb11u8_s390x-buildd.buildinfo 532ec02cf29f3732d8678c018056af6d 265032 web optional curl_7.74.0-1.3+deb11u8_s390x.deb 27b96e1759fc6b686fb906609f82ca8b 842480 debug optional libcurl3-gnutls-dbgsym_7.74.0-1.3+deb11u8_s390x.deb 10ebb73ee89658ba71718ab303fd7b85 320228 libs optional libcurl3-gnutls_7.74.0-1.3+deb11u8_s390x.deb b55764d414147067cec58a4cf2592dc5 885404 debug optional libcurl3-nss-dbgsym_7.74.0-1.3+deb11u8_s390x.deb dc20a809fdb20d916ad464b5913881b6 328436 libs optional libcurl3-nss_7.74.0-1.3+deb11u8_s390x.deb 317f6d7ec41680d0389e8e17c3cda684 860284 debug optional libcurl4-dbgsym_7.74.0-1.3+deb11u8_s390x.deb 0a4f9e4738473477c60d158a924213aa 417116 libdevel optional libcurl4-gnutls-dev_7.74.0-1.3+deb11u8_s390x.deb 7531c90a839505b21b43b2a6c1f8ec35 424996 libdevel optional libcurl4-nss-dev_7.74.0-1.3+deb11u8_s390x.deb 6a3c1b2074f7e4ef082758529d55b1ff 420112 libdevel optional libcurl4-openssl-dev_7.74.0-1.3+deb11u8_s390x.deb ab15a219f36d8b9c42bf96d0a3c6099f 323768 libs optional libcurl4_7.74.0-1.3+deb11u8_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEhBjA3afmaHyzk51IFQ1EGN3xM6QFAmSeeKsACgkQFQ1EGN3x M6QcjRAAgq3GvYAuDjj1/3veDlLmpKIo91SSwtq1SrNbK0SS1ImhAaToAqWz+bjH IK2MPHfURVXzX4ckcD5g5xI+5P493qZ6DazIepllr/jENikwQm2V5li8FUyKtOLE 2bXHYhrQVYcwIYl60sUvgXCPRjerHVF28pgN+VnyCWE9QXgZYIlBlNRV0uBp1dQK ngjx7I2uUNzaVN+YnYRgwKcDqYbAQpIqCnQwVD8UKZ4Oi4ZGJgJZiLL2Kz6nYHXz TagnxhC2zKGSgw65szC8nj8MyGSpoA7rB5jFrXweHvgBdZMkf11wMLhe2bVhJNLc 8AmXMXp6m6JElyrRKNZX5LDaEyfTAIzTkc1FFHmermtqY8MJdMHtg6nrty8URg05 DREsjX5R4XWs+g/4HuJByFGlWQ8hF3ZsWK0v7qeuaPpPW52LtYxWUGfreIUnlbB9 Yghwf8RP4io7V/QcOnChSAvl3ofbAAnvE/L4t2qxBX/d/NtVDAGkt6Vxj/UtAm+Q j0i2jfAujHRqD//H8c7+mEmBkjExS+18TpvnCA1a2vP6ehexpjcvw70LSCTxVNi4 PU23UAfbUzYebukCAktFg48mYmyUX3swD5OpHQsvewq+YLRecIQT3cddizVg5gN8 QoUNXGds2p6JqAd6O1A86pO7kX9lWvFcvcmhZZcwcyCYvHVvk0w= =rvvo -----END PGP SIGNATURE-----