Format: 1.8
Date: Tue, 30 Mar 2021 21:56:00 +0100
Source: curl
Architecture: source
Version: 7.64.0-4+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Closes: 965280 965281 968831 977161 977162 977163
Changes:
 curl (7.64.0-4+deb10u2) buster-security; urgency=high
 .
   * Fix partial password leak over DNS on HTTP redirect as per CVE-2020-8169
     (Closes: #965280)
     https://curl.haxx.se/docs/CVE-2020-8169.html
   * Fix local file overwrite as per CVE-2020-8177 (Closes: #965281)
     https://curl.se/docs/CVE-2020-8177.html
   * Fix use of wrong connect-only connection as per CVE-2020-8231
     (Closes: #968831)
     https://curl.se/docs/CVE-2020-8231.html
   * Don't trust FTP PASV responses by default as per CVE-2020-8284
     (Closes: #977163)
   * Fix FTP wildcard stack overflow as per CVE-2020-8285 (Closes: #977162)
     https://curl.se/docs/CVE-2020-8285.html
   * Make the OCSP verification verify the certificate id as per CVE-2020-8286
     (Closes: #977161)
     https://curl.se/docs/CVE-2020-8286.html
   * Fix credentials leak with automatic referer as per CVE-2021-22876
     https://curl.se/docs/CVE-2021-22876.html
   * Fix TLS 1.3 session ticket proxy host mixup as per CVE-2021-22890
     https://curl.se/docs/CVE-2021-22890.html