Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted curl 7.83.1-1 (source) into unstable
Date: Wed, 11 May 2022 17:19:10 +0000
Signed by: Samuel Henrique <samueloph@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 May 2022 17:46:48 +0100
Source: curl
Architecture: source
Version: 7.83.1-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Samuel Henrique <samueloph@debian.org>
Changes:
 curl (7.83.1-1) unstable; urgency=medium
 .
   * New upstream version 7.83.1
     - Fix the following CVEs:
       ~ HSTS bypass via trailing dot (CVE-2022-30115)
       ~ TLS and SSH connection too eager reuse (CVE-2022-27782)
       ~ CERTINFO never-ending busy-loop (CVE-2022-27781)
       ~ percent-encoded path separator in URL host (CVE-2022-27780)
       ~ cookie for trailing dot TLD (CVE-2022-27779)
       ~ curl removes wrong file on error (CVE-2022-27778)
Checksums-Sha1:
 b1cdee8cc68f414a939b04333d18b7a990e9681b 2959 curl_7.83.1-1.dsc
 0073c0eb2d5199688334b8bd9f49e46c1f4ea35c 4162207 curl_7.83.1.orig.tar.gz
 7bc0820301aaf8c24c615ea62a348d9b74c39349 488 curl_7.83.1.orig.tar.gz.asc
 220164c8020289ce8154371f5cc8a21788f1bb22 35592 curl_7.83.1-1.debian.tar.xz
 977599f41730efc387ab734fd689545bc3da8171 12798 curl_7.83.1-1_amd64.buildinfo
Checksums-Sha256:
 dfcfd0faaa0828ed44e32512e2ce3343de5e82ddeb1ac90e448b11cddc98fc49 2959 curl_7.83.1-1.dsc
 93fb2cd4b880656b4e8589c912a9fd092750166d555166370247f09d18f5d0c0 4162207 curl_7.83.1.orig.tar.gz
 b8bd927f15bd02cb0bd831ce6d7c9f7406a1b6d8fb2d1bd1c10f16144d8491c4 488 curl_7.83.1.orig.tar.gz.asc
 583fe1667fb6374d32923ec8cc43b775cec4461f2201cec9e512a1136240bdeb 35592 curl_7.83.1-1.debian.tar.xz
 ba4de13a0c5515a5d72717c0f0a432bebc0ad6aefcaa2e5594d7ea8856f6f393 12798 curl_7.83.1-1_amd64.buildinfo
Files:
 006717edac99491699f2c0f6a3fe4ac2 2959 web optional curl_7.83.1-1.dsc
 0dc6c66339d925a6a03ff343f98d095e 4162207 web optional curl_7.83.1.orig.tar.gz
 9e05b4323536471ed6a155a60c6c9f96 488 web optional curl_7.83.1.orig.tar.gz.asc
 377fc473e6e6f2c6a573d7a182e123a7 35592 web optional curl_7.83.1-1.debian.tar.xz
 86807a04be3f29f0302351755c0bbbfc 12798 web optional curl_7.83.1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmJ76ugACgkQu6n6rcz7
RwdbVw/9EjfzvRxGU2vOAvaphUlS5UQM/l8zdDFuKk9vyvF3YxjwNSxVN6GeDyiv
s1svYOwf3ShF5VoK7BeWeXnXYQbkmjOVKZHlUorrKIS3RXs4Bz4G/VE7kxkItjuu
aiw/37MP86ekYplluFa32yAszH6QyiEvjDqBgE1X3+12vzJ1M93qdqJmlXM/Z0qg
Gio0jeGquTf6YmUx1L966T+rhRIIHp3mYI0eK/SPSihL7sU6H9jm5j4+kNvu8ck7
+KPh0m1/AaTqAZcldUHaWjkqk7YGsEYO/1WUqosRPPpCJxOgGFJ5urw4M6m3X20l
rn8Gm6scDs7d4j6YIMFFFxFFvIwzBDQPliReOq4t3BPwFxuUbPqNYbq9OYWqSxhG
L5WP1sD4Tx+7f9riTeuukiw4IIPtPd/4clCyYaYkxmePfQGwj9QQ+Mp8JbTP7ge3
6M9q+iN8DbLFlsMpvC1Y9Kivl5WAQfAzjfKEgHjFwF+J/cidkgU0YZMdTW2E4W0M
hPi3BNKUQc9rDMyA2PSe9+RNr0JL3k7kOm94UbwOPXe+tyl0EMpPe0ZSOaNcKWkZ
8IbNicVBDNejNIrrMfVbbGKNWZRWjD4uQuGZELiQkhJjAo00v6BNDD7oquqqbZwJ
hlM70YBO/H39yZoMB9oDAo71Na5eyVECpBCOC7ZqIYDrCct5510=
=8J5z
-----END PGP SIGNATURE-----
News for package curl
