-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 30 Oct 2018 21:39:11 +0000 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: source amd64 all Version: 7.52.1-5+deb9u8 Distribution: stretch-security Urgency: high Maintainer: Alessandro Ghedini <ghedo@debian.org> Changed-By: Alessandro Ghedini <ghedo@debian.org> Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.52.1-5+deb9u8) stretch-security; urgency=high . * Fix SASL password overflow via integer overflow as per CVE-2018-16839 https://curl.haxx.se/docs/CVE-2018-16839.html * Fix warning message out-of-buffer read as per CVE-2018-16842 https://curl.haxx.se/docs/CVE-2018-16842.html Checksums-Sha1: 660f40cc74207af4a7cdec69d8c56b196841b00a 2818 curl_7.52.1-5+deb9u8.dsc 22878180299d3f1fa4523a7151faa3e2e1ab41d1 41348 curl_7.52.1-5+deb9u8.debian.tar.xz 84b54313fea41ff9da8ecb5b80eef93d83bd6295 131926 curl-dbgsym_7.52.1-5+deb9u8_amd64.deb 6314295015840d4ba656de539da87f9de75fe8cf 11128 curl_7.52.1-5+deb9u8_amd64.buildinfo f15959e384fab0bf64c694d220c5bb1f265e4ce0 227546 curl_7.52.1-5+deb9u8_amd64.deb 485af5c92e49bbf581c27d407b83c5282e6ef1cb 5001514 libcurl3-dbg_7.52.1-5+deb9u8_amd64.deb dc0623fd31a2a66f527ad35675715ef2c2b1c72d 289712 libcurl3-gnutls_7.52.1-5+deb9u8_amd64.deb e6316d5c4b0e726433dec1f52b2cb41ac802b83b 295234 libcurl3-nss_7.52.1-5+deb9u8_amd64.deb 8c592849946f5f97dff4fb57dec27371d08482ac 291510 libcurl3_7.52.1-5+deb9u8_amd64.deb e9fb0a45aafdec9971f0b129a8540b29ff0e11c2 828110 libcurl4-doc_7.52.1-5+deb9u8_all.deb e05ad700bbfa6da1020d314b006d0278088d061b 372574 libcurl4-gnutls-dev_7.52.1-5+deb9u8_amd64.deb e979f625416946f71abaadd134d8e105cc25f206 378344 libcurl4-nss-dev_7.52.1-5+deb9u8_amd64.deb 8387fccccb3fcadde4683fe7ac1ea0233d89037e 374236 libcurl4-openssl-dev_7.52.1-5+deb9u8_amd64.deb Checksums-Sha256: 0c2fa7a1b44066cb4998c4c02fbd3d29c268ddaa381ce489f7be6784cda6350d 2818 curl_7.52.1-5+deb9u8.dsc 6f570876bf1a5fa492c850ecd811ab684af814d59375b151a52194db772a3e70 41348 curl_7.52.1-5+deb9u8.debian.tar.xz 39418a32abdd35c67b57c16a4c501479ae9be183b447aa86ed11b115fdc30554 131926 curl-dbgsym_7.52.1-5+deb9u8_amd64.deb fcb7ce00c61d4bda1c752da131cda6614e71225f1539c74345bec14f51139f7d 11128 curl_7.52.1-5+deb9u8_amd64.buildinfo e3c2e3c7e621cb9c16fb994456c598f49ddb6cad2a6b48df87b8fd4a5ff292eb 227546 curl_7.52.1-5+deb9u8_amd64.deb cdfed115f83baaee581930a134a59ed951669ebaf1031e9e2965cb1f98a0639c 5001514 libcurl3-dbg_7.52.1-5+deb9u8_amd64.deb 89557feef7ca4c2b7d00499590d73253b5b974692c9b44f46efdfea84dd56b3a 289712 libcurl3-gnutls_7.52.1-5+deb9u8_amd64.deb 61630c8983a5bb077cc4e5e20d77711e0b0af6df6b6c2701d273afcd3c050ef2 295234 libcurl3-nss_7.52.1-5+deb9u8_amd64.deb 3e6c0cafa877035ab5d232f2eb66d9cde1ae1e1e01e3ad40a5dd3b0107749b21 291510 libcurl3_7.52.1-5+deb9u8_amd64.deb 68ffcbb39c09619b6a0cd34d8f63cedcf8dee6c15cfd25762d56a57a9f06801a 828110 libcurl4-doc_7.52.1-5+deb9u8_all.deb 9070f68846d83bfb3eee174ab2ab7192be78d39553f49050191ab2a5a1cde624 372574 libcurl4-gnutls-dev_7.52.1-5+deb9u8_amd64.deb 5fa4a015a64d051c7f4658c5ad769786fb8c7a278dbeccaacb21683bfb926eef 378344 libcurl4-nss-dev_7.52.1-5+deb9u8_amd64.deb 3ca7a8171cde9df2dbe8640941045a9c5fb4b6b5c81c64e8b3ac4ec919ab62fd 374236 libcurl4-openssl-dev_7.52.1-5+deb9u8_amd64.deb Files: 17cfc87a18735f6b7243977a20b9bcc8 2818 web optional curl_7.52.1-5+deb9u8.dsc 466dbc1257d898c4eadcd2042ad3ef00 41348 web optional curl_7.52.1-5+deb9u8.debian.tar.xz 1f8f85a532d86a36fc93f17eb12d1aad 131926 debug extra curl-dbgsym_7.52.1-5+deb9u8_amd64.deb b4157526a7194f8a0cc7f381e2694c78 11128 web optional curl_7.52.1-5+deb9u8_amd64.buildinfo d49897fc47b3249e67c4c012f35ac851 227546 web optional curl_7.52.1-5+deb9u8_amd64.deb f8118f95ac35a3cfa0663b69a538b660 5001514 debug extra libcurl3-dbg_7.52.1-5+deb9u8_amd64.deb cffbcbd723973b0d599d4ab88f0a6204 289712 libs optional libcurl3-gnutls_7.52.1-5+deb9u8_amd64.deb aa8d86ae2365b42a228e467aae76adea 295234 libs optional libcurl3-nss_7.52.1-5+deb9u8_amd64.deb 4545490cdeceed9b0842f900a8dc105f 291510 libs optional libcurl3_7.52.1-5+deb9u8_amd64.deb 5ec2e62e8546d5944332c3b338987ce5 828110 doc optional libcurl4-doc_7.52.1-5+deb9u8_all.deb f6e22a21e0dc998b3e38dc1c47c85fe0 372574 libdevel optional libcurl4-gnutls-dev_7.52.1-5+deb9u8_amd64.deb 02dab4bef14fe2ec8488153c12cabd32 378344 libdevel optional libcurl4-nss-dev_7.52.1-5+deb9u8_amd64.deb c2bc285a1874f4240d2d731268c5614e 374236 libdevel optional libcurl4-openssl-dev_7.52.1-5+deb9u8_amd64.deb -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEEBsId305pBx+F583DbwzL4CFiRygFAlvbkTsRHGdoZWRvQGRl Ymlhbi5vcmcACgkQbwzL4CFiRygBOA/+MX7fi8mYgQWhbc9mmIu3LjJnAsKZqxcJ 2wpDRkYBAzgthjqufP8LatLwrH3WvHSmb+unlut3Dkf4394dAupltoBx1hDnyba8 ULoCRpSlmLsxvj/6pbF9OP6hZAxeAbCrgAcxuGKHfSnS7/EZQzP69HJwU+GUvqtE 2ukamSDGa8zOW4QGpxE+R/TUh121DCRJzX9lt4c1eDYSixTtWrMRUgT13sJ84Q3m Bh3V8U1e/pf3rcvIuxBOv62ZGwd/sJiCSvzM3EgU2KF1JMmGR1a+wkPesZWtVHR5 Wh0LVo53LRf6/HaY5mK+F8mqCqZaJUj0MijUbUYa1dmNmxX58SDgk8mJTOly4tMT Tk5Pra3h2KrA3dz968WXIDF4QI9PvWDdPHHBxF7EiLF6H6w6VyReK9yaXvUxm45b xV7axSnJcDjdbOrHpwzAWScXx1fxACx66SCWPbPek7CwwUU4gZ30P5B5/F8moD7C jUdTkzGUGQaFnTBzdrzHaLDbz2VI6b7DERRpM/Eo/Y8gqt01+ax24qE+8ARkqMiB SGgQp1Zp/yA/4u/bVhTr/HNk9YWEZmujQKUjxD7Janqyko2PlFks/l01xN1fEZkH bCJmB3fG8S6/HVMTZtuhu5BKyfj0AYNlfRuYca6ZctbqFFozn3YBifnPBjsFvy0b OnnFKMr7ChQ= =u+LZ -----END PGP SIGNATURE-----
