Debian Package Tracker

From: Alessandro Ghedini <ghedo@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted curl 7.64.0-1 (source) into unstable
Date: Wed, 06 Feb 2019 22:52:01 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 06 Feb 2019 22:33:05 +0000
Source: curl
Architecture: source
Version: 7.64.0-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Closes: 920267
Changes:
 curl (7.64.0-1) unstable; urgency=medium
 .
   * New upstream release
     + Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
       https://curl.haxx.se/docs/CVE-2018-16890.html
     + Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
       https://curl.haxx.se/docs/CVE-2019-3822.html
     + Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
       https://curl.haxx.se/docs/CVE-2019-3823.html
     + Fix HTTP negotiation with POST requests (Closes: #920267)
Checksums-Sha1:
 6e5cfe68bff944142ad36cdc3efd232e632792c5 2687 curl_7.64.0-1.dsc
 5911d4400e988ae52368f2266a5f84378983dbde 4032645 curl_7.64.0.orig.tar.gz
 061bcfd939b6d4575c950ffcfc9e96a934805622 29112 curl_7.64.0-1.debian.tar.xz
 77fc8e7b4bd85075a1ab9babeceb37a1e3d3617d 10823 curl_7.64.0-1_amd64.buildinfo
Checksums-Sha256:
 7cef86f07f054916dd23e46d9401f163b1632d64f879cbbf5e1b1d6f98c44123 2687 curl_7.64.0-1.dsc
 cb90d2eb74d4e358c1ed1489f8e3af96b50ea4374ad71f143fa4595e998d81b5 4032645 curl_7.64.0.orig.tar.gz
 515caa9c81f07225371411f4059d78a52159e03827119a74db2ac42dd3d73d6a 29112 curl_7.64.0-1.debian.tar.xz
 bce23a70614f6c8e992b6993d04ebe752d703d077a1b81a8a6257b42876faea3 10823 curl_7.64.0-1_amd64.buildinfo
Files:
 f43450b5d617f2f6d2d2e2893ff0f121 2687 web optional curl_7.64.0-1.dsc
 a026740d599a32bcbbe6e70679397899 4032645 web optional curl_7.64.0.orig.tar.gz
 20daf518bf64614f3d1cdc4e87f5c80d 29112 web optional curl_7.64.0-1.debian.tar.xz
 4f331d72abc59d316833bc5639f72951 10823 web optional curl_7.64.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbYbYRHGdoZWRvQGRl
Ymlhbi5vcmcACgkQbwzL4CFiRyiE6RAAnzkgZR08fiLOHLyH6IZaGwwF6+28ao2O
kySYmM76r4hEwuaCURKuPSnnYb6wgziKSylAamsvmIB50pzTsAabwG35Z2rjAe+7
1iv4zqQCDmxRPPPzmQ7hF9yo+wGXQx+v3URJfeIotKZmQpoAU5rSrL4Fn1yQ9JN9
mcBucX4xZ5m33SjC/jd04WuCyAmIngiW7FfHZsIajumN0FBLGiQtcI4P9X9iOzaw
5WQLtH27qhUmp01Hx6pPC3itppLQ8EKIvD73EbRTMono7lvoxQdq1YLmZVBsbvD8
5OfI3jC0U5YY3zt4AIKVG6Cup8+MVnNjvIHsqfr/y4/LAJv7gIPpduAiTqs0MWG1
yonXrPurBXsmtagy0hv1AiNxzZ4hj/ny56J3kaVtw+oSE5MIBrhdap02qgNgS2Oc
WE5QSYNddNxM5+ueBi3tQhBj2JwnNHI6rZPTHap8Y9GZYX7DjwI4kQX/0MdcXiZX
Ymmdpy/T5bLJtNNeyAFpwH99zD5rBIH9wQ3nMkhkrK95X5FSMapfKogRhs+OF+uM
LBihICNGo75mYll3P7a8YCTcGc2Y2S4FHuZFbgA2RMH31TUBwT/s0knu0PFbkPzw
MrAnvtnk+hk+CS25rFsOlaItyoiGPyPzZ7ZS8Srln/o5BJx7rEsKkkYAOfnnwAFJ
qgRGu3ez7dc=
=cFLW
-----END PGP SIGNATURE-----
News for package curl
