Accepted curl 7.52.1-5+deb9u16 (source amd64 all) into oldoldstable

To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
Subject: Accepted curl 7.52.1-5+deb9u16 (source amd64 all) into oldoldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Thu, 30 Sep 2021 14:00:21 +0000
Message-id: <[🔎] E1mVwbl-0003fk-MO@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Sep 2021 21:03:02 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source amd64 all
Version: 7.52.1-5+deb9u16
Distribution: stretch-security
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.52.1-5+deb9u16) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2021-22946
     Crafted answers from a server might force clients to not use TLS on
     connections though TLS was required and expected.
   * CVE-2021-22947
     When using STARTTLS to initiate a TLS connection, the server might
     send multiple answers before the TLS upgrade and such the client
     would handle them as being trusted. This could be used by a
     MITM-attacker to inject fake response data.
Checksums-Sha1:
 9e88eb32e6cac05f34eddff0702b0c621cfea6b5 2956 curl_7.52.1-5+deb9u16.dsc
 73097952ada80fbaff924c706ba57d1f77c38d00 3504621 curl_7.52.1.orig.tar.gz
 77d28c01ea763739d0c7ea66b6247f7b2e2f3284 68076 curl_7.52.1-5+deb9u16.debian.tar.xz
 c1b27a9b130d91cead960e4d2fcdf7aa27b5645e 131908 curl-dbgsym_7.52.1-5+deb9u16_amd64.deb
 fda8633025131a03e9bd33e3425cb3c021bfcaba 11425 curl_7.52.1-5+deb9u16_amd64.buildinfo
 6beafd8e0bdf4bb1c4005134c7a2ab40d8b585d6 228768 curl_7.52.1-5+deb9u16_amd64.deb
 5178246d84cdb0215cc592a481942492e8f1cc47 5096978 libcurl3-dbg_7.52.1-5+deb9u16_amd64.deb
 87c3fbe5c2f74eee354e732be9e391fa11119af9 296148 libcurl3-gnutls_7.52.1-5+deb9u16_amd64.deb
 b67051a53fa23173948ae76e9e394a5572046b8c 301912 libcurl3-nss_7.52.1-5+deb9u16_amd64.deb
 76388abfc679a3f66c8cad18c2f88949d45610e8 298370 libcurl3_7.52.1-5+deb9u16_amd64.deb
 6d2d2e57450ef505fc66c1791dca1369c83abee7 829464 libcurl4-doc_7.52.1-5+deb9u16_all.deb
 6f4b18ae98fdd4be90ec4a7056e6185f862fee01 380648 libcurl4-gnutls-dev_7.52.1-5+deb9u16_amd64.deb
 2975d94de9ddf283fe935cac9b01cea9789e9416 386434 libcurl4-nss-dev_7.52.1-5+deb9u16_amd64.deb
 b8a94227c125292e0cc137140df2ba81532ba590 382650 libcurl4-openssl-dev_7.52.1-5+deb9u16_amd64.deb
Checksums-Sha256:
 983ffa16e37e057f0c15a3bfbc23598e2b8b436e61c4c2bc12efa71a9bdf31f8 2956 curl_7.52.1-5+deb9u16.dsc
 a8984e8b20880b621f61a62d95ff3c0763a3152093a9f9ce4287cfd614add6ae 3504621 curl_7.52.1.orig.tar.gz
 3b5a01e9b08e5e845a368c6f4c82cdd221a029afe264b5954aa646c8c30b6373 68076 curl_7.52.1-5+deb9u16.debian.tar.xz
 7363b655b3ecc3c36baae9903c76736dd1bb0c1db171520acf3efb4ef0a4f905 131908 curl-dbgsym_7.52.1-5+deb9u16_amd64.deb
 be975a05ee8cd1b04c2b1e3ef09fc60431396760e76b883cf4b3eb30b88b5fef 11425 curl_7.52.1-5+deb9u16_amd64.buildinfo
 4bf6b575bc3fcc861838d8383b478d42a55fbf0d717f0c44cfc23d2d1978195b 228768 curl_7.52.1-5+deb9u16_amd64.deb
 ee755c2d35c124935ccb74c50ad2b058c0b2f0e20a37699ab1aaf6c9f80d11b1 5096978 libcurl3-dbg_7.52.1-5+deb9u16_amd64.deb
 5b8abe4c17939ba9f8fd37376aca6404cea57dd5c9f2caa0ad9cb269559827a7 296148 libcurl3-gnutls_7.52.1-5+deb9u16_amd64.deb
 a19ce3bfc28851c8a8eed721ac1b6b6a00e59ab8699800d62e808c6436f22282 301912 libcurl3-nss_7.52.1-5+deb9u16_amd64.deb
 bbdb3d7be2577c07593b1035cd70a1d288ec7632db3e17304cef27529065ad66 298370 libcurl3_7.52.1-5+deb9u16_amd64.deb
 f2dc1ba27e835703787bed67bfed130d83ad4a431f7493dc2d63830dc9402b63 829464 libcurl4-doc_7.52.1-5+deb9u16_all.deb
 7e2aaa2273315b279452db23c6f60e327bc27739e5d0bfa029dd61ca6e3490d8 380648 libcurl4-gnutls-dev_7.52.1-5+deb9u16_amd64.deb
 227a75cb307c866818f5a7956a94cd7757dd90d9bae27e2da99acea366529bb8 386434 libcurl4-nss-dev_7.52.1-5+deb9u16_amd64.deb
 a5aca5b152787efe86b6a7b3072e8019ba0c570c80b3ddc616d6caf83f92a373 382650 libcurl4-openssl-dev_7.52.1-5+deb9u16_amd64.deb
Files:
 64ada4e514b7beecff33315b82df2974 2956 web optional curl_7.52.1-5+deb9u16.dsc
 4e1ef056e117b4d25f4ec42ac609c0d4 3504621 web optional curl_7.52.1.orig.tar.gz
 743bda40fabac3ecc269657cb751bc3d 68076 web optional curl_7.52.1-5+deb9u16.debian.tar.xz
 a3a8d4649a6bb17309b8a0f3305ad209 131908 debug extra curl-dbgsym_7.52.1-5+deb9u16_amd64.deb
 737dd590a5c18ebe81c73ac8965ffd6d 11425 web optional curl_7.52.1-5+deb9u16_amd64.buildinfo
 7143af8b7dc93f7e2953a1cd8ef70861 228768 web optional curl_7.52.1-5+deb9u16_amd64.deb
 229b3bbafafe6bfce741a6ef962a7049 5096978 debug extra libcurl3-dbg_7.52.1-5+deb9u16_amd64.deb
 ebdba94763f118ff129ce71a98473cf8 296148 libs optional libcurl3-gnutls_7.52.1-5+deb9u16_amd64.deb
 f0ff50ba57bd619eec3568604925f86b 301912 libs optional libcurl3-nss_7.52.1-5+deb9u16_amd64.deb
 21583b193675351cef461918710ae0b1 298370 libs optional libcurl3_7.52.1-5+deb9u16_amd64.deb
 d2b9e5769b610a35423a5e3df2fd9437 829464 doc optional libcurl4-doc_7.52.1-5+deb9u16_all.deb
 7833baa569d299ac4ef27e5732bc6250 380648 libdevel optional libcurl4-gnutls-dev_7.52.1-5+deb9u16_amd64.deb
 503cf93299455d3f13d65a311eea9887 386434 libdevel optional libcurl4-nss-dev_7.52.1-5+deb9u16_amd64.deb
 71b7b3271f22eaf9e1d3cfc68ce956e8 382650 libdevel optional libcurl4-openssl-dev_7.52.1-5+deb9u16_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmFVv3NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR0DnD/45iHZTeiAacNtMjCQiook7li/C2cDy
YV8uB9Jw4ua7DmYROHTAgJ7RBJ6aCfOm2XCl/pFyDm4e7Ce/BO1SK1TyeqPy5/4k
bags7Hjk7mDcDlJ5ZsA2PXyWBNXYp1iIqtChi9cY/xbGNC6ShkWl6tGqfEfHyc8j
/lVBqXpN61qETpUv4xTXKVtWNPrwx2uscrWiXvkENnAcJq+ci1MVXnbIl+Nxbwx0
CdKxCO6SA383aSax83I21MzShLJSWuBroOcdr/bB0fJFnfLr2CyG8xS4zYL29Glf
XCSdqrK+QMnCdqIwan2q5UtNJgrdwoAXUuU2qDNJZEp6XjgscLDQtp626ZiTKN2g
gJj5U9cFQ5k0V5zAE3uRetDF1mJz3MLylbe8D/0bZpsWvFc0KqunD4vMzDlpDJQ0
ERQAw1lCBuvVpOz70cFkai2QXGtPqjpo5jCPZUhverNzPgrF92OE1eIfFu9Gj7qf
uscZaJFlwEFFsvgTd+VMHcOg2eMG5Ig7FMxn4YAYVjdx0rlUEBDfUhTu96PZhlTB
24de/VJAIZaKvhzMaYfpTDLWjSl4hw6jzNhgW6lD5zEsf5Q5LVO7FDJ/RGIdvN74
W/pSbl61fJehEniW3YrEo23MBYdINVOhHTBm/nEJxT7bIa+4tBETgs7e1VTyxJXQ
ZmISC9w2fLVTwg==
=/RHT
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted weechat 1.6-1+deb9u3 (source) into oldoldstable
Next by Date: Accepted openssl1.0 1.0.2u-1~deb9u6 (source amd64) into oldoldstable
Previous by thread: Accepted weechat 1.6-1+deb9u3 (source) into oldoldstable
Next by thread: Accepted openssl1.0 1.0.2u-1~deb9u6 (source amd64) into oldoldstable
Index(es):
- Date
- Thread