Format: 1.8
Date: Sat, 25 May 2019 22:09:04 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source amd64 all
Version: 7.38.0-4+deb8u15
Distribution: jessie-security
Urgency: high
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 curl - command line tool for transferring data with URL syntax
 libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.38.0-4+deb8u15) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-5436:
     libcurl contains a heap buffer overflow in the function
     tftp_receive_packet() that receives data from a TFTP server. It calls
     recvfrom() with the default size for the buffer rather than with the size
     that was used to allocate it. Thus, the content that might overwrite the
     heap memory is entirely controlled by the server.