-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 11 Feb 2019 15:57:22 +0100 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: source amd64 all Version: 7.38.0-4+deb8u14 Distribution: jessie-security Urgency: high Maintainer: Alessandro Ghedini <ghedo@debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.38.0-4+deb8u14) jessie-security; urgency=high . * CVE-2018-16890: Fix a heap buffer out-of-bounds read vulnerability in the handling of NTLM type-2 messages. * CVE-2019-3822: Fix a stack-based buffer overflow in the handling of outgoing NTLM type-3 headers. * CVE-2019-3823: Fix a heap out-of-bounds read in the code handling the end-of-response in the SMTP protocol. Checksums-Sha1: 552a2bc03ecc2388c199612213d9bf4dceaf9a7d 2673 curl_7.38.0-4+deb8u14.dsc 40d8ec9063f076005535139c9229ac77c57f0300 4094034 curl_7.38.0.orig.tar.gz d72287b59b7d9e19c2a26b33a7e3935bf47e9a7b 57312 curl_7.38.0-4+deb8u14.debian.tar.xz 8d1179b500c0d5f80199a16f4ffba2ee08118b96 201574 curl_7.38.0-4+deb8u14_amd64.deb 94af1833efa735dc8ecc0f2612c9a90c372bd919 261068 libcurl3_7.38.0-4+deb8u14_amd64.deb 2b4ac7359972b2e7a88f3309cfa0b5c780f6ff2a 253396 libcurl3-gnutls_7.38.0-4+deb8u14_amd64.deb 3009be2e81e27861acc905fd64ad2f8d66650bee 264746 libcurl3-nss_7.38.0-4+deb8u14_amd64.deb 789fc07ffe2cc4b7313db4fe04e907dc56358b5d 337718 libcurl4-openssl-dev_7.38.0-4+deb8u14_amd64.deb 6a4cede392cdf93627a7896ee44e05a8a466ece9 329228 libcurl4-gnutls-dev_7.38.0-4+deb8u14_amd64.deb 1847004c4672a7415d9e04d79957c72040d403d7 341624 libcurl4-nss-dev_7.38.0-4+deb8u14_amd64.deb e09ae33e8c1104c0611ae3124d7305648c9c590a 3373374 libcurl3-dbg_7.38.0-4+deb8u14_amd64.deb 62879870633530533088031ca8573ff8d9abdc82 1068570 libcurl4-doc_7.38.0-4+deb8u14_all.deb Checksums-Sha256: 6faa32fb4ca89e2aa65c15f792c31087699a1b43f4296d8efcdfd5677c83a1c1 2673 curl_7.38.0-4+deb8u14.dsc 5661028aa6532882fa228cd23c99ddbb8b87643dbb1a7ea55c068d34a943dff1 4094034 curl_7.38.0.orig.tar.gz 81141deeed8741e4cf31ef240cd438ac8543114cf6fec5faaf2505374b6d8398 57312 curl_7.38.0-4+deb8u14.debian.tar.xz d9de69ed526f4624d54eede4af0ffab3eaa6d154b786bfa2a8da62a31134abdb 201574 curl_7.38.0-4+deb8u14_amd64.deb 740da75de437b4488906973af7283c315aa12d4bb8d3f2e3f274bab065054349 261068 libcurl3_7.38.0-4+deb8u14_amd64.deb 31e950b86818517067f33a5c2d22d4c13b7eeeebf2b424f1393a0e3554e62221 253396 libcurl3-gnutls_7.38.0-4+deb8u14_amd64.deb 87daf83d397b43b9138710980ffae5e3c719bb7a064cc79c66c98658d49ef8db 264746 libcurl3-nss_7.38.0-4+deb8u14_amd64.deb c94a7fb9fa52cfba2203e5aaa9ff93093e1f5a763e3b1ca87d30ce0e3b405ef8 337718 libcurl4-openssl-dev_7.38.0-4+deb8u14_amd64.deb 789aa2c8bc902b846b4f91a3b7ccfe730530a8600276a2a967d8eccfc799c3c0 329228 libcurl4-gnutls-dev_7.38.0-4+deb8u14_amd64.deb 54f254666fea5a236f06883409a1e940e9af6d503693acb037333c643714541b 341624 libcurl4-nss-dev_7.38.0-4+deb8u14_amd64.deb a494ac6b030c235565a49fb4589e089df6b9018799a12b7dbe0f837040fc9b14 3373374 libcurl3-dbg_7.38.0-4+deb8u14_amd64.deb dcfb75a40aea2830460590579fa6a84b53ac1a39a07b489be0408e8895e7ccf2 1068570 libcurl4-doc_7.38.0-4+deb8u14_all.deb Files: 8aff0d62fc1f1e1addad18e0eddf4cac 2673 web optional curl_7.38.0-4+deb8u14.dsc b6e3ea55bb718f2270489581efa50a8a 4094034 web optional curl_7.38.0.orig.tar.gz f5093d40e72078d10dfe78517372b6f9 57312 web optional curl_7.38.0-4+deb8u14.debian.tar.xz 2b09ab10c9ec769ef98c40c35dddbc09 201574 web optional curl_7.38.0-4+deb8u14_amd64.deb b50ca46db7293e2858cf587b6341e675 261068 libs optional libcurl3_7.38.0-4+deb8u14_amd64.deb 27a0fbbd97d64dda53e33e2dc7cfb502 253396 libs optional libcurl3-gnutls_7.38.0-4+deb8u14_amd64.deb d3575e8f97789e3c8a1ad11db4c5a441 264746 libs optional libcurl3-nss_7.38.0-4+deb8u14_amd64.deb b86b969903067005088b70ec481a73ba 337718 libdevel optional libcurl4-openssl-dev_7.38.0-4+deb8u14_amd64.deb 361274f0cd0c29c14df16b9d3a65dee3 329228 libdevel optional libcurl4-gnutls-dev_7.38.0-4+deb8u14_amd64.deb 4e7624082d9b478a31cc60d1b3ea8762 341624 libdevel optional libcurl4-nss-dev_7.38.0-4+deb8u14_amd64.deb 3abbbcdd57ff84ded2bc5cf327d43768 3373374 debug extra libcurl3-dbg_7.38.0-4+deb8u14_amd64.deb ddfd4d942d24642240c0ef645ae9dfe5 1068570 doc optional libcurl4-doc_7.38.0-4+deb8u14_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlxhl/4ACgkQHpU+J9Qx Hlhx0g/+MT1AtjOS7GIbsup+CXYAdXnqkJyuxUKnAyI8o2u2fIJ0Ssbvu0VobccU 5ltyVdi7MuIcAc8RhJloJ0E5ra17gu43PmF1yfCDsoxW9P4LU7lIdVkaKEx+Uqno WI+KbRXtHhvw1IcQPdlX/tLveonTlRaM2c27CPNLT7METyEScqqKZwk34D7Hl4ft 9avCUrYikgIHlsfLVwCS2Ho5ZgNq2eVCBLxQlA/G412sqhC7/Z5uQxAeKJQwnvcs 9mh+h4BW3zk1TETBEvrhdJTeCaIpR/FfMTYSiiIEJyq7es1ERX9TvUkwUnunqIq6 SQ0iDP7D+bAftdoU8UqgKs+ncM9/nciI1Brd3Toik+0oJ8FTXqTu5X/z++Z0VPTI lOpINwE2rjWxMw62X3bM8dAmP8MnR2dW/Vq/93HIRAN+NBktCNLHn0zZTq9cfn00 YPaJRphyXBW06Z2iapnqyraGesD9tPb0ynPDaY4weVOnHP4pW6GCOVoY3q9lHAvu sMvAEcFrekyY+ZtMbx0MHzFn5wGrHUK86YJ/tnO5pfAZ/DBPTasqOG8ZHOz0utxg e2KGhbJh8iXaKCAuMdBo8lufBpHaRnrY5DqnNPwGLsImH7uyrpoZPn4EmQNgIyme FfG39/AcySxdl0rtrHSaS0gjBknvnYnrPympPxSDXpYu9ma6YYA= =a9fe -----END PGP SIGNATURE-----
