Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted curl 7.72.0-1 (source) into unstable
Date: Mon, 24 Aug 2020 09:50:51 +0000
Signed by: Alessandro Ghedini <ghedo@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Aug 2020 10:26:12 +0200
Source: curl
Architecture: source
Version: 7.72.0-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Closes: 955785 965280 965281 968831
Changes:
 curl (7.72.0-1) unstable; urgency=medium
 .
   * New upstream release
     + Fix partial password leak over DNS on HTTP redirect as per CVE-2020-8169
       (Closes: #965280)
       https://curl.haxx.se/docs/CVE-2020-8169.html
     + Fix local file overwrite with -J option as per CVE-2020-8177
       (Closes: #965281)
       https://curl.haxx.se/docs/CVE-2020-8177.html
     + Fix wrong connect-only connection as per CVE-2020-8231 (Closes: #968831)
       https://curl.haxx.se/docs/CVE-2020-8231.html
   * Refresh patches
   * Do not install *.la files.
     Thanks to Pino Toscano for the patch. (Closes: #955785)
   * Update list of doc files
   * Update copyright for polarssl -> mbedtls rename
   * Use python3 executable in tests
Checksums-Sha1:
 e8da08d7b2677e10793a8a83eff239656e73d942 2664 curl_7.72.0-1.dsc
 735352fc82f7ebeeaaba2b584e564c78642d3dac 4051784 curl_7.72.0.orig.tar.gz
 607f5e94a3691839ceed146f484a2d2262263717 29768 curl_7.72.0-1.debian.tar.xz
 759fe01738d0e9107f312a8077a76a7728f88271 11889 curl_7.72.0-1_amd64.buildinfo
Checksums-Sha256:
 be18fbdc46034126e505dc04f98a8b36fc32a287441c08e2211ed6a1074b606c 2664 curl_7.72.0-1.dsc
 d4d5899a3868fbb6ae1856c3e55a32ce35913de3956d1973caccd37bd0174fa2 4051784 curl_7.72.0.orig.tar.gz
 158ef5b94633cf4dc3a74ce3c7d807af3f711621cf51638b8a12ca952a988a39 29768 curl_7.72.0-1.debian.tar.xz
 11822ae0dc7068a01bd1eabe812d71cbed4bf0891c2b2dc6e5eb3c82fed16f5a 11889 curl_7.72.0-1_amd64.buildinfo
Files:
 5ad96faddc13832a0a8ec16a75de6402 2664 web optional curl_7.72.0-1.dsc
 7422feb126df677d2d33294a1fd079ea 4051784 web optional curl_7.72.0.orig.tar.gz
 89ce257aaa36a12a85bdb210b1fb30fd 29768 web optional curl_7.72.0-1.debian.tar.xz
 1df40153605b692e36bafa2f5d4b81f9 11889 web optional curl_7.72.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEBsId305pBx+F583DbwzL4CFiRygFAl9DhuIRHGdoZWRvQGRl
Ymlhbi5vcmcACgkQbwzL4CFiRyjTMg//St0h0gWjdda0Wu1iaPkOhuAoki6Ij7Xt
Fr5JCT+v3aYlOcu+94bYXlini+nmkpQb4765UOUaF8OKY/a8y4sMe++zZV8IhZY/
1hToBOHtaQDljBqfXRZZVoisT7huzWb8GU0DTj8mCIiaDqTnD6pm/52jcM0pk+4b
YnHATsd3Z+ySXySDucychu46fSbO6sJwWnSL7oy2dRFAZOsXa4e317eFYQYYjcIa
Gz+eYI8T6b/N+Z6LMEvhCDdTvEIh4C6tF/+potgxMWKGiQE8QTyOnULfv+0nanLS
stslYQ9qDo8CwwTAH18YVOVuYlyYahWp4N3c6apQwGFangH+zk9W3vaVZ7iQdHMq
RRMTz13HGj3CWfQIXbkmzsrY65RYfKxP1W6cxhCpgJD5UuEYrstimuJRLdosDOjm
gIzNwy/CGk79uba3pdHCzeTss/u5T2Y4DimjfYMtNVbQEzXlxNIi79hKMRlJauEi
k+AfNPo195C3FXvzj531krYiwO+AsBD/zn+JUJWfu8wsuokPq8ggnv/6bK9waumh
+882Q/wrJRXrE8OKWdmfanxbgNDz49CWKbpLNo8jrkSIotjggH1etMnLbR+pmu99
zQGffzKy3FoqfoYUMUUFaXO4XvaQPQF2o2JkdOUlJdpq0n7kA0h2zogj6BphJk3A
dGTcZJ66SgA=
=cP3P
-----END PGP SIGNATURE-----
News for package curl
