
Accepted curl 7.38.0-4+deb8u13 (source amd64 all) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 06 Nov 2018 19:01:46 +0100
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source amd64 all
Version: 7.38.0-4+deb8u13
Distribution: jessie-security
Urgency: high
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.38.0-4+deb8u13) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix the following security vulnerabilities:
   * CVE-2016-7141:
     When built with NSS and the libnsspem.so library is available at runtime,
     allows a remote attacker to hijack the authentication of a TLS connection by
     leveraging reuse of a previously loaded client certificate from file for a
     connection for which no certificate has been set, a different
     vulnerability than CVE-2016-5420.
   * CVE-2016-7167:
     Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape,
     (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl allow
     attackers to have unspecified impact via a string of length 0xffffffff,
     which triggers a heap-based buffer overflow.
   * CVE-2016-9586:
     Curl is vulnerable to a buffer overflow when doing a large floating point
     output in libcurl's implementation of the printf() functions. If there are
     any applications that accept a format string from the outside without
     necessary input filtering, it could allow remote attacks.
   * CVE-2018-16839:
     Curl is vulnerable to a buffer overrun in the SASL authentication code that
     may lead to denial of service.
   * CVE-2018-16842:
     Curl is vulnerable to a heap-based buffer over-read in the
     tool_msgs.c:voutf() function that may result in information exposure and
     denial of service.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

