
Bug#930555: unblock: curl/7.64.0-4



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi release team,

Please unblock package curl. Admittedly, the two CVEs are not really at
RC severity (and thus were filed only as important severity), but if
possible it would be great to start buster with those two
CVE fixes included in curl. Alessandro uploaded 7.64.0-4 to unstable
containing fixes for the following:

+curl (7.64.0-4) unstable; urgency=medium
+
+  * Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
+    https://curl.haxx.se/docs/CVE-2019-5436.html
+  * Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: #929352)
+    https://curl.haxx.se/docs/CVE-2019-5435.html
+
+ -- Alessandro Ghedini <ghedo@debian.org>  Fri, 14 Jun 2019 19:23:32 +0100

Also attached is the debdiff produced from the version in testing
to the one in sid.

unblock curl/7.64.0-4

Regards,
Salvatore

