-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 10 Apr 2024 17:42:00 -0300
Source: curl
Built-For-Profiles: nocheck
Architecture: source
Version: 7.88.1-10+deb12u6~bpo11+1
Distribution: bullseye-backports
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Guilherme Puida Moreira <guilherme@puida.xyz>
Closes: 1053643
Changes:
curl (7.88.1-10+deb12u6~bpo11+1) bullseye-backports; urgency=medium
.
* Team upload.
* Rebuild for bullseye-backports.
.
curl (7.88.1-10+deb12u6) bookworm; urgency=medium
.
* Team upload.
.
[ Sergio Durigan Junior ]
* d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch:
(Closes: #1053643)
.
[ Guilherme Puida Moreira ]
* Add patches to fix CVE-2024-2004 and CVE-2024-2398.
- CVE-2024-2004: When a protocol selection parameter disables all
protocols without adding any then the default set of protocols would
remain in the allowed set due to an error in the logic for removing
protocols.
- CVE-2024-2398: When an application tells libcurl it wants to allow
HTTP/2 server push and the amount of received headers for the push
surpasses the maximum allowed limit (1000), libcurl aborts the server
push and leaks the memory allocated for the previously allocated
headers.
* d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch:
Refresh patch.
Checksums-Sha1:
e8fdc7c36261db51ff3c3fb06fa64fed8a16a838 3284 curl_7.88.1-10+deb12u6~bpo11+1.dsc
6ae5229c36badb822641bb14958e7d227c57611d 4343562 curl_7.88.1.orig.tar.gz
9222035242431a3ef31d33a2ca3d881bcf4572fe 488 curl_7.88.1.orig.tar.gz.asc
1bb5e4fa97fd7704ed6107a4dd32135f3e132805 68484 curl_7.88.1-10+deb12u6~bpo11+1.debian.tar.xz
eaa75c6831e24ddaa2d815a3ae75cf1bba6e3d1b 11839 curl_7.88.1-10+deb12u6~bpo11+1_amd64.buildinfo
Checksums-Sha256:
b5607b1737f89449e0dccb7635bcfdfe7707af61b475a5cf9c952836db9d7c37 3284 curl_7.88.1-10+deb12u6~bpo11+1.dsc
cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7 4343562 curl_7.88.1.orig.tar.gz
7a5a55d7123149a1b357f298cf895bd0a601e3a2807005ef6c95f3752803485f 488 curl_7.88.1.orig.tar.gz.asc
ff9db6c5abe0f82bdd4c861b16915b9fbdd26f61b63ad9e02632a10cf5f4def2 68484 curl_7.88.1-10+deb12u6~bpo11+1.debian.tar.xz
fc0ce9ab54b421767e176e2797cde3f008a5d48d9f38abb799ef5138f44b6bcc 11839 curl_7.88.1-10+deb12u6~bpo11+1_amd64.buildinfo
Files:
dcade9ba00669c30b1331f153d0430aa 3284 web optional curl_7.88.1-10+deb12u6~bpo11+1.dsc
1211d641ae670cebce361ab6a7c6acff 4343562 web optional curl_7.88.1.orig.tar.gz
08b846caa2ce56ccb4b4caa268b30dc2 488 web optional curl_7.88.1.orig.tar.gz.asc
02f1c55b73e0c648b399fce525dfd8d7 68484 web optional curl_7.88.1-10+deb12u6~bpo11+1.debian.tar.xz
67c0db35743089c7c429cffe77f791e1 11839 web optional curl_7.88.1-10+deb12u6~bpo11+1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmY/U3EACgkQu6n6rcz7
RwfTPhAAgWe9vmdVolrpoUo/bhHKC+78o4u3CeQ58IfE65S+Vjvlo4jUSDv62UhM
wY+3nL4jTsRrgkVotWJewI9YlmCnGbWC4TvQ72UTzO43Lc/MrpNEg4cdZ1DpvJ4o
OYjPjLsNygy1Bi0ceBWLDvA1Qsx1fCM37X2QRHI9dWoWjmjtCN87pZiGG9JWK10Z
RkssZpurdYImMZcxungrikLJ8J5SoBPgpfyyljJyn49DWp54GMbjelosCBgotS39
yX3XTe+iahL7THxlrTQOSCVJvfIm+CckSm7MiIk7DuGPIG6I1ORbDw8mzDPajxSI
gB3lbjcWk3NLnH0aPfu1qBFijxDkN74J6vqh6SPeeMCXZGV5e/NYxXL9XsyHqjfs
YXsz8UCZxEIOlffrp4YM75WPHLL9ewqdU3f9TeB7zwBp/YyXZ1Q03YDw/acP30Vj
FEPQSKYGCvmthI/Jg4XN86BKhaekzovR0rniDJqSWOQNKgvbV/3bn0f6fB4YXDub
Ku5kZwKi98VQdskcSRaf7k+rp9laIHgJCbrnRdW5BJN0A4EwO1wAtEwi0Lur1x7W
ynGDO8goawSgc3vAw0fYcEmQJJVHCc91LyXnTnrs1TGM54bTXDNOwVSpith/GGOv
LFdLJ3RTgcxCrimtS4JfHN5vN07whBIGoMmVjMSfloSjWsCytQg=
=y9Fq
-----END PGP SIGNATURE-----
Attachment:
pgp46MtmoJZPs.pgp
Description: PGP signature