Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To:
Subject: Accepted curl 7.52.1-5+deb9u10 (source) into oldstable->embargoed, oldstable
Date: Mon, 24 Feb 2020 19:42:02 +0000
Signed by: Alessandro Ghedini <ghedo@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 22 Feb 2020 14:56:32 +0000
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source
Version: 7.52.1-5+deb9u10
Distribution: stretch-security
Urgency: high
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 929351 940009 940010
Changes:
 curl (7.52.1-5+deb9u10) stretch-security; urgency=high
 .
   * Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
     https://curl.haxx.se/docs/CVE-2019-5436.html
   * Fix FTP-KRB double-free as per CVE-2019-5481 (Closes: #940009)
     https://curl.haxx.se/docs/CVE-2019-5481.html
   * Fix TFTP small blocksize heap buffer overflow as per CVE-2019-5482
     (Closes: #940010)
     https://curl.haxx.se/docs/CVE-2019-5482.html
Checksums-Sha1:
 fb75a45f57f618cfef5fed3fa883365d28b6feb1 2822 curl_7.52.1-5+deb9u10.dsc
 52e571f70614d961b6903f3dfa5db03523ff2fc2 43360 curl_7.52.1-5+deb9u10.debian.tar.xz
 46a65678dc0c7e476dad025fef03360b561ad2ae 11299 curl_7.52.1-5+deb9u10_amd64.buildinfo
Checksums-Sha256:
 313cd1eeb23ee0cb069040ab48d3d4fba08811d14b1581647b0e0bf303747160 2822 curl_7.52.1-5+deb9u10.dsc
 014f6df474eb55469883314060bef68c04334862ff8d543c04bec6f5fae4542c 43360 curl_7.52.1-5+deb9u10.debian.tar.xz
 bbeb4639cf2fb83ba1d030e60cd8808d5caa61a3c5d42e337172fd34b87387ff 11299 curl_7.52.1-5+deb9u10_amd64.buildinfo
Files:
 017bd156e39a39a601b2f42dd1f8739c 2822 web optional curl_7.52.1-5+deb9u10.dsc
 4e605be31d73e9765c6620a63c3c44b6 43360 web optional curl_7.52.1-5+deb9u10.debian.tar.xz
 35e260d5892952194b90266f5d8cc976 11299 web optional curl_7.52.1-5+deb9u10_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEBsId305pBx+F583DbwzL4CFiRygFAl5RR4IRHGdoZWRvQGRl
Ymlhbi5vcmcACgkQbwzL4CFiRygfEQ//dz1wqaRm+b9yTwUM3CWaSL1Rdx0fkp7/
Gh9xhuiniOSlSLPb5Mu/cafy6OkDIf3BP2+dGLNZ0X8ZznM57JJ5Js+2LKKNfvZ4
/zODBge88ZUU0CYDiSpZy+cC1jvIqVOWMCIKOGEJdYgiEU5tR+csYJmMR9doiNS+
6FKhkGlTe+hEg2b7OCoXjq/Q4JfDKVDFFk9BLi/IEgjSBpl2vP1k2fN1kFTZ0bw5
OnYYpUKNmJf7c8psQghl6sui8/lrIfpVJ/jSOj5NhWLYCvb7IurzX4alqA/NcE5T
m0XI/Fn5QEmrMj0AnroKNb8B19UHrNVBMaMs2dGSC/MK3zuZd803C/QHJ/veJQQ1
mwK6MwacjyRKrMFtjOAcv3I1nFDbBoaIpkuO5KVNTD3infQI2HFgYmHDYtNP/VOf
Uyi//5uiqFLXctpPGnM7R533wC4xT3y1/Lqyq0k/mcogkiFuSJZpR/cc2YhK1BfQ
0c5XEApk1r7vEe+HgNQM/j79L4zIrf5YOSPiP2oniPRPJadrPHWkbcJuCxu8uN0S
hFpYFA2J0OpQYeBLip9XGatQhTdFzatv6/EqMHnz8GCZtkX7shZVcNSMkMWfvya2
LMbLdQYF3bzsGHlk24EzENQXSOvtddC1HohNL7gEKTT1TeGxz3zfMjNIH8HS+C7j
4im8KvvcR4U=
=plOm
-----END PGP SIGNATURE-----
News for package curl
