-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 02 Apr 2023 20:34:17 +0100
Source: curl
Built-For-Profiles: nocheck
Architecture: source
Version: 7.74.0-1.3+deb11u8
Distribution: bullseye
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Samuel Henrique <samueloph@debian.org>
Changes:
 curl (7.74.0-1.3+deb11u8) bullseye; urgency=medium
 .
   * Backport upstream patches to fix 5 CVEs:
     - CVE-2023-27533: TELNET option IAC injection
     - CVE-2023-27534: SFTP path ~ resolving discrepancy
     - CVE-2023-27535: FTP too eager connection reuse
     - CVE-2023-27536: GSS delegation too eager connection re-use
     - CVE-2023-27538: SSH connection too eager reuse still
   * d/p/add_Curl_timestrcmp.patch: New patch to backport Curl_timestrcmp(),
     required for CVE-2023-27535.
Checksums-Sha1:
 13aa0131f2db20a3482276a1b0b12e3ebe3e9fd7 2699 curl_7.74.0-1.3+deb11u8.dsc
 a0c5e2e37a61d88d63c6af3f8ef10ba0b89b6192 64716 curl_7.74.0-1.3+deb11u8.debian.tar.xz
 651dd35f9c494c34d0581e79c99a5af8338bcb96 11403 curl_7.74.0-1.3+deb11u8_amd64.buildinfo
Checksums-Sha256:
 740abed1291089bc49a84466e9e8634cbbf30957a1f4e8e5604419db878886bf 2699 curl_7.74.0-1.3+deb11u8.dsc
 f21d700292028d9e09d537b9e3c13fa4229e6f478c0b24480ed9ac288908f405 64716 curl_7.74.0-1.3+deb11u8.debian.tar.xz
 733786d458cbcbc1161df8cfa06b146dcbafb51da23710995e6155ed63c8346a 11403 curl_7.74.0-1.3+deb11u8_amd64.buildinfo
Files:
 84cc2df0b27757b29b001336bf3d9497 2699 web optional curl_7.74.0-1.3+deb11u8.dsc
 d26ef5bfe120efde64fa64f5513dbcfe 64716 web optional curl_7.74.0-1.3+deb11u8.debian.tar.xz
 0263d251e45a4e976f1f443f60b70eaf 11403 web optional curl_7.74.0-1.3+deb11u8_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmSbTtcACgkQu6n6rcz7
RwdPwA//fHUkWCHXi8lsBj+yk7OxqBhNDAx6r+oGrLPLWGz8oNIau7VFENABmn4O
MCOyRITp7CrE1WfAwVSvsB6CxlQI9q4kxnH0UHe4epso/HbwlQCExYE9A1Y28I77
GuapW4T04TjvWTbK/cnFcahDJZ0sA3531fse2KyeOr0GcEU90aJlWLVkDuIexd5C
J58uxQcid2Nlc2d4H7ADYjCsF5HGcR9pC/zOr1JwsEEtdAjza7gTlK/PP0+ApM1t
vSpq6ULQZH2F0XaPK4oRyHn8JTs5KptDXlpH72mwJnLJOh/wQfAWyFkhee+M4TG0
Znd7VrmkFHb70qS2+Bzb8S7YnFp93uQH7i6oItQAMU7neVLCIW2ztvsV6gfpZvx2
UyDI+/RTqz9f0Oo4q4VN5Zjp/4azLTE8EukdaIpYrNpLN+uykFDwxumA6NOr2SvK
6t6wFEU0MxcMDYrOBgRYk3ie9Rzx/nTcfZP9UhwllucdAgjvtgGyIoBX6/KxpwUu
9DJWQi8RITJ4z8ONOZ6rpu3TtD9VQ6GrWUBcwhFi030sN5QQhb8cF8CAyCxEm7M2
MMzlsOhLWXjP2g0+0nfe//ozzubk8oF0eNB1DiF0ScT493mIQmBNMU1dL5Zjdcqi
en+VOyKcAdgCftCVqDj/A02H2w3yZxzrXJLwIuo6uDLbCSFi6Xg=
=4yUd
-----END PGP SIGNATURE-----