Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted curl 7.83.0-1 (source) into unstable
Date: Thu, 28 Apr 2022 18:19:06 +0000
Signed by: Samuel Henrique <samueloph@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 28 Apr 2022 18:53:32 +0100
Source: curl
Architecture: source
Version: 7.83.0-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Samuel Henrique <samueloph@debian.org>
Closes: 1010252 1010253 1010254 1010295
Changes:
 curl (7.83.0-1) unstable; urgency=medium
 .
   * New upstream version 7.83.0
     - Fix auth/cookie leak on redirect (closes: #1010252, CVE-2022-27776)
     - Fix bad local IPv6 connection reuse (closes: #1010253, CVE-2022-27775)
     - Fix credential leak on redirect (closes: #1010254, CVE-2022-27774)
     - Fix OAUTH2 bearer bypass in connection re-use
       (closes: #1010295, CVE-2022-22576)
   * d/libcurl*.symbols: update symbols files to add curl_easy_header and
     curl_easy_nextheader
   * d/patches:
     - Refresh patches
     - 12_fix_openssl_cm_check.patch: remove patch, applied upstream
Checksums-Sha1:
 2e200642ccdc981b903745802a957e961ae38e62 2959 curl_7.83.0-1.dsc
 fc00521a2bef4a89cf27a71223aba1cd3ec15c04 4162166 curl_7.83.0.orig.tar.gz
 31301abe413107a670e36b476d6b60d7d658724f 488 curl_7.83.0.orig.tar.gz.asc
 ee895b17ee7fe63696acba85e6b9f76c5e2b2494 35460 curl_7.83.0-1.debian.tar.xz
 90ade519fc183cd5d65c9340ff314aa376daf418 12838 curl_7.83.0-1_amd64.buildinfo
Checksums-Sha256:
 0e797893ae93c544b30b06e6b04ca7ae5bf32339e4b194906225d2bb5115fc62 2959 curl_7.83.0-1.dsc
 c0e64302a33d2fb79e0fc4e674260a22941e92ee2f11b894bf94d32b8f5531af 4162166 curl_7.83.0.orig.tar.gz
 f6ca16283d7713e38a4210044c9dc06ba6ac1d924a7ed4f47abcf95d626ba365 488 curl_7.83.0.orig.tar.gz.asc
 beab6cdce7bc9dfe3bbc05810188abc93309b7e84eade72f54189017bc4882eb 35460 curl_7.83.0-1.debian.tar.xz
 735c2e9ce588132ce8ef41ecfae549fc8140d69c763b50478a1c55f2503be759 12838 curl_7.83.0-1_amd64.buildinfo
Files:
 a65e0178267fea0257bd82a6155af752 2959 web optional curl_7.83.0-1.dsc
 1ca789f6ed0f023795301980f0758b39 4162166 web optional curl_7.83.0.orig.tar.gz
 c3697e0cbb07ebdb68ba98b7ce5fb107 488 web optional curl_7.83.0.orig.tar.gz.asc
 8c02f6e7c26c13b4052db12cd2d2d379 35460 web optional curl_7.83.0-1.debian.tar.xz
 8f436f2babea299c7bfa08d43854c126 12838 web optional curl_7.83.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmJq1uUACgkQu6n6rcz7
RwcHhw/+NbIxIv+VomyRSrGsVYuX92bL/lUgFk3gBv3mdNhsmPvs9t1AJ0cYspHl
YYJRBZT4c2+0cJ/CaRxohnLHC1KYxPIHc2fysbrnuMPbSbaLIybRsq342vpnVqhH
8ppyIkd87s5pT8Cd/0xWzmgAyVKZm2zqXtBFqpU/RLjov6gdZIvAUseMY4viwx3H
ibD22dAHWllFVOSd2UENEjZJWy0NCCkhR1e8ZFU7nK+4XY7uOrrF0k+tHVkdoo8p
jGViQVmpsnQdJcWJaByJCz4XAtnvZtDZNBvJIzNgY785VsK+otoM426DYLQJEqXY
j7uIqSnHGJKRut8UF/DY84CIGtcxVZ0cfxoRbSzQqOY0YQ+wdh8GT8NUjahHDg7C
pJADJfZg7RCbBTcFOxorZ88NmUlySjwX10ARQQ1yJT440FjxpsR5GwC1dqi+DjFb
9PfmIiD72hQ7yYTWHfCDBMy+rEYhpkC74MfIeAakl+PNmbEsWv5C+DzXKsUbBATr
cwyvLMsxOTz8zymGwPKpkjTlpNuHr7vHpZK7sQZd565qFC4y+hPra8G2KNlntkXr
muto4qqG3Vgg+pjxKpKvJVK/NLNRddhg/GCVlcCKpbR+KSCpyCNCham/jCabyo9z
4/upXoiB47vdLmCVDZgIRaI0XGu6KFYIwbat3D9AtTfJFrB3zbs=
=m76A
-----END PGP SIGNATURE-----
News for package curl
