Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted curl 7.74.0-1 (source) into unstable
Date: Thu, 31 Dec 2020 16:03:43 +0000
Signed by: Alessandro Ghedini <ghedo@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 31 Dec 2020 15:22:05 +0100
Source: curl
Architecture: source
Version: 7.74.0-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Closes: 963559 969004 977161 977162 977163
Changes:
 curl (7.74.0-1) unstable; urgency=medium
 .
   * New upstream release
     + Fix inferior OCSP verification as per CVE-2020-8286 (Closes: #977161)
       https://curl.se/docs/CVE-2020-8286.html
     + Fix FTP wildcard stack overflow as per CVE-2020-8285 (Closes: #977162)
       https://curl.se/docs/CVE-2020-8285.html
     + Fix trusting FTP PASV responses as per CVE-2020-8284 (Closes: #977163)
       https://curl.se/docs/CVE-2020-8284.html
   * Update debian/watch to new upstream download page layout
   * Update 12_use-python3-in-tests.patch due to renamed file
   * Refresh patches
   * Fix cross-build due to python build dependencies.
     Thanks to Helmut Grohne for the patch (Closes: #969004)
   * Fix formatting in some man pages.
     Thanks to Bjarni Ingi Gislason for the patch (Closes: #963559)
   * Update list of documentation files to install
   * Update symbols
   * Bump Standards-Version to 4.5.1 (no changes needed)
   * Drop removed file from d/copyright
Checksums-Sha1:
 787a0c8284cb03bb06049e7eb2ee0e96ff010461 2686 curl_7.74.0-1.dsc
 cd7239cf9223b39ade86a14eb37fe68f5656eae9 4043409 curl_7.74.0.orig.tar.gz
 14fd397cac37a0061c5c527d1c111ae7944cac36 31404 curl_7.74.0-1.debian.tar.xz
 1ecbd72b0793ec783e926bff1328958a765ef026 11986 curl_7.74.0-1_amd64.buildinfo
Checksums-Sha256:
 c4c4ff62d6b2b58bc0eb64abb1301a1227d32d08cea95a1166936473df12ecdb 2686 curl_7.74.0-1.dsc
 e56b3921eeb7a2951959c02db0912b5fcd5fdba5aca071da819e1accf338bbd7 4043409 curl_7.74.0.orig.tar.gz
 16a7423335ec487f741cd67b740aa887d2f3dd00f47d488575e61186e62ea7d9 31404 curl_7.74.0-1.debian.tar.xz
 3e5ef0f267aa35e7a95359564fcc3b8ac15c882cf7fca5c35be8d73d522a264b 11986 curl_7.74.0-1_amd64.buildinfo
Files:
 d838371de0b582e6e826af7d7b9c54ce 2686 web optional curl_7.74.0-1.dsc
 45f468aa42c4af027c4c6ddba58267f0 4043409 web optional curl_7.74.0.orig.tar.gz
 98c41a5c5613266823bb34cdc4f6e2f9 31404 web optional curl_7.74.0-1.debian.tar.xz
 fd4a0a35b084d849df218f00c728f497 11986 web optional curl_7.74.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEBsId305pBx+F583DbwzL4CFiRygFAl/t86oRHGdoZWRvQGRl
Ymlhbi5vcmcACgkQbwzL4CFiRyj/jxAAk4+AVoYasd3VwyHY1T+mjBkPKj+A/tko
quxLDVIqdLclQOzpinww4h8bj3eRQHAiiPFK8bdwwwgUNSsiyQdZwI+TdanDMmkn
blmlhy3CNlA8BXorvSehgQEXMP7NkVXdqLeftF/Xww1dnnYnd4VCS2YJjwB92iZQ
AtH7ZBGwD54obc2B7AH2hgr+L1PurVShE7Co2+LC40/Mc8zMGJolXKgo5AFuHWla
2HOy4p0+xh2nuyD15s8aj4BySAL6RyU13JswtmEo4JoAHORtLy2J3MApveR6tsji
RjC35IYlrI8hskv7OCO6ZcXLp3fnPD08js6Tew6mAuUqE87AengOgvesJJBlAhAg
CJy83Av2+Be0XeCXEMweNHx60BObx7RnQgy66RkMqC+Ij1rNKAo14M+MPIYmNQDw
/km/ihcGWwQ/cpqGD1R5DXxE7c5b57T3y+r0eFkDMgB7+3L1UPStdjJ/Tt0coDkn
mNBJvgzKcJpPL6VwtjPTEmqQ7NhnFEnCu0PcCGS9SXs6Z1Lgu2EKsVicsbvoPcEJ
Oflcsua4Tj/DHBWb6S4xN4992mzyRXYU/2OzHELZc8ZPIZw6wR8wkK/ckXZqiuV2
LN5Su2yTAP2DhpriWIC4EpRLMPB69FHbveXN5YB433LH6af95DmFLi2AXlFNX4ur
NWT7Cuq7n2o=
=LGSs
-----END PGP SIGNATURE-----
News for package curl
