Accepted curl 7.74.0-1.2~bpo10+1 (source amd64 all) into buster-backports->backports-policy, buster-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 14 Apr 2021 20:44:32 +0000
Source: curl
Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-doc libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev
Architecture: source amd64 all
Version: 7.74.0-1.2~bpo10+1
Distribution: buster-backports
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Martin <debacle@debian.org>
Description:
curl - command line tool for transferring data with URL syntax
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl4-doc - documentation for libcurl
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 926148 926352 926812 940009 940010 940024 940129 942984 945928 948441 955785 963559 965280 965281 968831 969004 974996 977161 977162 977163 986269 986270
Changes:
curl (7.74.0-1.2~bpo10+1) buster-backports; urgency=medium
.
* Rebuild for buster-backports.
.
curl (7.74.0-1.2) unstable; urgency=medium
.
* Non-maintainer upload.
* transfer: strip credentials from the auto-referer header field
(CVE-2021-22876) (Closes: #986269)
* vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
(CVE-2021-22890) (Closes: #986270)
.
curl (7.74.0-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
.
[ Bruno Kleinert ]
* Fixed "Please build-depend on libidn2-dev instead of obsolete transition
package libidn2-0-dev" (Closes: #974996)
.
curl (7.74.0-1) unstable; urgency=medium
.
* New upstream release
+ Fix inferior OCSP verification as per CVE-2020-8286 (Closes: #977161)
https://curl.se/docs/CVE-2020-8286.html
+ Fix FTP wildcard stack overflow as per CVE-2020-8285 (Closes: #977162)
https://curl.se/docs/CVE-2020-8285.html
+ Fix trusting FTP PASV responses as per CVE-2020-8284 (Closes: #977163)
https://curl.se/docs/CVE-2020-8284.html
* Update debian/watch to new upstream download page layout
* Update 12_use-python3-in-tests.patch due to renamed file
* Refresh patches
* Fix cross-build due to python build dependencies.
Thanks to Helmut Grohne for the patch (Closes: #969004)
* Fix formatting in some man pages.
Thanks to Bjarni Ingi Gislason for the patch (Closes: #963559)
* Update list of documentation files to install
* Update symbols
* Bump Standards-Version to 4.5.1 (no changes needed)
* Drop removed file from d/copyright
.
curl (7.72.0-1) unstable; urgency=medium
.
* New upstream release
+ Fix partial password leak over DNS on HTTP redirect as per CVE-2020-8169
(Closes: #965280)
https://curl.haxx.se/docs/CVE-2020-8169.html
+ Fix local file overwrite with -J option as per CVE-2020-8177
(Closes: #965281)
https://curl.haxx.se/docs/CVE-2020-8177.html
+ Fix wrong connect-only connection as per CVE-2020-8231 (Closes: #968831)
https://curl.haxx.se/docs/CVE-2020-8231.html
* Refresh patches
* Do not install *.la files.
Thanks to Pino Toscano for the patch. (Closes: #955785)
* Update list of doc files
* Update copyright for polarssl -> mbedtls rename
* Use python3 executable in tests
.
curl (7.68.0-1) unstable; urgency=medium
.
* New upstream release
* Bump Standards-Version to 4.5.0 (no changes needed)
* Update symbols files
* Configure default CA file with OpenSSL again (Closes: #948441)
.
curl (7.67.0-2) unstable; urgency=medium
.
* Restore :native annotation for python3 Build-Depends.
Thanks to Helmut Grohne for the patch (Closes: #945928)
.
curl (7.67.0-1) unstable; urgency=medium
.
* New upstream release
* Replace python with python3 in Build-Depends (Closes: #942984)
* Bump Standards-Version to 4.4.1 (no changes needed)
.
curl (7.66.0-1) unstable; urgency=medium
.
* New upstream release (Closes: #940024)
+ Fix FTP-KRB double-free as per CVE-2019-5481 (Closes: #940009)
https://curl.haxx.se/docs/CVE-2019-5481.html
+ Fix TFTP small blocksize heap buffer overflow as per CVE-2019-5482
(Closes: #940010)
https://curl.haxx.se/docs/CVE-2019-5482.html
* Refresh patches
* Enable brotli support (Closes: #940129)
* Update *.symbols files
.
curl (7.65.3-1) unstable; urgency=medium
.
* New upstream release
* Drop 12_fix-man-errors.patch (merged upstream)
* Remove Ian Jackson from Uploaders as he has never done an upload
.
curl (7.65.1-1) unstable; urgency=medium
.
* New upstream release
+ Reduce verbose output (Closes: #926148)
+ Fix parsing URLs with link local addresses (Closes: #926812)
* Drop patches merged upstream
* Refresh patches
* Bump STandards-Version to 4.4.0 (no changes needed)
* Update entry in copyright for renamed files
* Fix some man errors.
Thanks to Bjarni Ingi Gislason for the patch (Closes: #926352)
* Add Build-Depends-Package field to symbols files
Checksums-Sha1:
4987fc665f0acbf0947f669df1f98ba046749513 2697 curl_7.74.0-1.2~bpo10+1.dsc
a54dae6125381da137415f2a830ee29aab94d446 36240 curl_7.74.0-1.2~bpo10+1.debian.tar.xz
6018239ebec930327ae3b2c489a67701b9e222e4 144808 curl-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
8d3a791a6427db5e0444b867d2237972bdb7e93f 11923 curl_7.74.0-1.2~bpo10+1_amd64.buildinfo
51cdcaefe57b0bfbf683d4c73057ecb26162926d 267504 curl_7.74.0-1.2~bpo10+1_amd64.deb
d015419686c2c813a0c9780f13e52ce6e9bde27d 808404 libcurl3-gnutls-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
9c3b1a041bbec8b3fefcda38f94c8ea2edfc73d6 337196 libcurl3-gnutls_7.74.0-1.2~bpo10+1_amd64.deb
bd12a3e4251ef2c55fcc3b6493eacf9f98e15a03 846312 libcurl3-nss-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
157046e5b4acbcebb3e43c94c75eba88fa6398aa 345148 libcurl3-nss_7.74.0-1.2~bpo10+1_amd64.deb
92cd672524dda8efdd5b88a894c8e4e71e7cfab0 826368 libcurl4-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
44546210613f8b38df99304ad4b0578676fc313b 1007968 libcurl4-doc_7.74.0-1.2~bpo10+1_all.deb
588d258bb04d4a9aaa57f4a421d984139837b1e6 428212 libcurl4-gnutls-dev_7.74.0-1.2~bpo10+1_amd64.deb
3e08ed59634ae910d05619951d05ba13e1f75242 436244 libcurl4-nss-dev_7.74.0-1.2~bpo10+1_amd64.deb
348fbdeeb6b617f1a5bffb2803f7674c045d0f2d 431748 libcurl4-openssl-dev_7.74.0-1.2~bpo10+1_amd64.deb
c738e9eaa6623a87a14edf27190fdde569ddb885 340924 libcurl4_7.74.0-1.2~bpo10+1_amd64.deb
Checksums-Sha256:
77371f671b0ded26095b91ff779027f41229edd309947017b50e97120f381a73 2697 curl_7.74.0-1.2~bpo10+1.dsc
e642fb39e3e8485b895801e480a9b3bd895997f905a6802e47a29c2a821e9631 36240 curl_7.74.0-1.2~bpo10+1.debian.tar.xz
3d34aecb84606da8e31946e26b8588d1d70133db9bbfacbd6ef931b56742a606 144808 curl-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
2fc67cbf4d6e6a824e3bf013c13e4576f27269cde12074168db0f25926b088cb 11923 curl_7.74.0-1.2~bpo10+1_amd64.buildinfo
6884c89a7ba93f72077d7e24df053f4d5bb7f288f30eaa513a2da25cf58271c4 267504 curl_7.74.0-1.2~bpo10+1_amd64.deb
ddbbe7d81dc21b6c4e76cd2821935c26f23e3640bfe28efd416bc88d5cd66eb3 808404 libcurl3-gnutls-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
46d8f0915405e077794b8a971bf47e2dc5d98fb75f10ea4fba5d10ed378c2e07 337196 libcurl3-gnutls_7.74.0-1.2~bpo10+1_amd64.deb
bf382e19654efc71ba9940ab2f745159623caa7e241b2192588296f5f6bdea73 846312 libcurl3-nss-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
a8041a50aa92fb96d25c1c4feed58ca18efa31df174a63c2300192c286af7f1b 345148 libcurl3-nss_7.74.0-1.2~bpo10+1_amd64.deb
49dd48b3b56dfec7e15a9bbf79a2ffd7501be2fc083448c71216f7852486b5b1 826368 libcurl4-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
fd7cf669c4d1f5caf41db153e1a242950f8a041634fa571e7753d5bc9c948326 1007968 libcurl4-doc_7.74.0-1.2~bpo10+1_all.deb
9ff91e34031e7737ebeb062d2d26b2b78234b12e46478471f319d084ce181d57 428212 libcurl4-gnutls-dev_7.74.0-1.2~bpo10+1_amd64.deb
e81c6c6148573605f3d1b50478dae3657c3400eef6c0c4cd6ffdb6d7b9c67074 436244 libcurl4-nss-dev_7.74.0-1.2~bpo10+1_amd64.deb
85b0ebcfd5b93e8b8923324216fb151bb0e27363062d3fdba0b1fba4e16cbf87 431748 libcurl4-openssl-dev_7.74.0-1.2~bpo10+1_amd64.deb
161922932320201fb889d3d3e7fed99754e16a3df9973688fb14300d4b4b9ae1 340924 libcurl4_7.74.0-1.2~bpo10+1_amd64.deb
Files:
0d9ec8e0ee393417c0f8025573f39511 2697 web optional curl_7.74.0-1.2~bpo10+1.dsc
660dd91d17275f988628864a7066681d 36240 web optional curl_7.74.0-1.2~bpo10+1.debian.tar.xz
201cc6d3a0e32d4f67a21f0c06cb16af 144808 debug optional curl-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
041c4bcac8d2311e5f2d2168f557649c 11923 web optional curl_7.74.0-1.2~bpo10+1_amd64.buildinfo
04c04fca63670ab74c72091e95effb4e 267504 web optional curl_7.74.0-1.2~bpo10+1_amd64.deb
34a2cd6539bfde8784d81ec3d04c0118 808404 debug optional libcurl3-gnutls-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
5b4cbd63469c86616a5ad8483efa808b 337196 libs optional libcurl3-gnutls_7.74.0-1.2~bpo10+1_amd64.deb
499b5677abf8c5eb8cca1d5aa7302597 846312 debug optional libcurl3-nss-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
ad2792c44c92e160705eed7614fbbb87 345148 libs optional libcurl3-nss_7.74.0-1.2~bpo10+1_amd64.deb
8142f0a0675c49bbfeea0778a29699b5 826368 debug optional libcurl4-dbgsym_7.74.0-1.2~bpo10+1_amd64.deb
8739386c1aff3a18a6b47102d1ab2a91 1007968 doc optional libcurl4-doc_7.74.0-1.2~bpo10+1_all.deb
ff716bdecd25321f1c5b7a517af4fbcc 428212 libdevel optional libcurl4-gnutls-dev_7.74.0-1.2~bpo10+1_amd64.deb
2550d9606708578a648a2bfa70a24d66 436244 libdevel optional libcurl4-nss-dev_7.74.0-1.2~bpo10+1_amd64.deb
0fe6ac58c04225d0d142b1e5a411c930 431748 libdevel optional libcurl4-openssl-dev_7.74.0-1.2~bpo10+1_amd64.deb
1a2eba6bad6f8767cedee677ecb9af57 340924 libs optional libcurl4_7.74.0-1.2~bpo10+1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEftHeo0XZoKEY1KdA4+Chwoa5Y+oFAmB3Y/sACgkQ4+Chwoa5
Y+qhHg//QokkrQTedOS0s2ZNdMgir/nDenVGjt+9ZBpOixDzU1QqNyu1xYV+gNwF
PJj4QGSRyCcSiYIAm8uyQmhUAiZiWj5bcZ5Nwp8frsurdMW4tZcFN91S0yI4/t92
abW1PA2cB5ZeQ77D69cpG7lkz60a5lSCwMEbHFLVOkpFpP3VIHvO/jbgGwOkI9Hd
rlpVKqL3syqZW5LzIZczoNFNI20zesW09lC0q1APcwvo+U7KGL2le0818qkDhzEn
jADmoDINVcJKP2kfLznM+V0xn8i+jrjdJMd2abMPCWnKuxzmmvj0D9bDeO1ftett
k0i6WIQiezlzsxYgUNQrH8bnTggQSON+dFQsWO4BKz6faZOg4lO6k/tvXoC6F8BW
fBdKiW/D+NS3DgTarPBd87fuGx304UKxHOiwD30XqN/d5EiD90fa4+zR1toX95K/
C84OcLQxt4AKDuWPxxUifpDsGikCggtxvfMsegqQWYlWswZtqvEIFvajdNqv4LYt
r7m2+yGrN+Dk69Orl9V1rlFFz3Dg3wcgjklLmbAzbmBqP7pSOgWTtxWVfNM+/AcZ
eSofozYav9EjylCOyWVZFAZByMnzKcGZxpEz8SjWY+NPBiPTD+QBvv2ePDOIGC5p
CpUg0tFgq2ZuHyspG54JeGsaYs2vt/FQRVEx0COMeT6mpJ/+X3Q=
=5iZ/
-----END PGP SIGNATURE-----
Reply to: