Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted curl 7.86.0-1 (source) into unstable
Date: Thu, 27 Oct 2022 21:34:32 +0000
Signed by: Samuel Henrique <samueloph@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Oct 2022 20:38:24 +0100
Source: curl
Architecture: source
Version: 7.86.0-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Samuel Henrique <samueloph@debian.org>
Changes:
 curl (7.86.0-1) unstable; urgency=medium
 .
   * New upstream version 7.86.0
     - Fix HSTS bypass via IDN:
       curl's HSTS check could be bypassed to trick it to keep using HTTP.
       (closes: CVE-2022-42916)
     - Fix HTTP proxy double-free (closes: CVE-2022-42915)
     - Fix .netrc parser out-of-bounds access (closes: CVE-2022-35260)
     - Fix POST following PUT confusion (closes: CVE-2022-32221)
Checksums-Sha1:
 3b840c160623660fd72f3aba3416d6ef1643c372 2955 curl_7.86.0-1.dsc
 1c314d3f2229ea932d10cb803f3e26f3fba630ec 4232231 curl_7.86.0.orig.tar.gz
 be2b6791b59ded714d9c8abd634d21789f9a96dc 488 curl_7.86.0.orig.tar.gz.asc
 1b8ef9b2bf97ea0bbfd8f6fd42c4a86ed79b9285 38052 curl_7.86.0-1.debian.tar.xz
 f0247f08a62bb724cebd3520d464e52db0b43d8a 12775 curl_7.86.0-1_amd64.buildinfo
Checksums-Sha256:
 6d0d2811c50989b48ba09b448e92fee6fabaaf9bbfe322ec605a1d0874a23392 2955 curl_7.86.0-1.dsc
 3dfdd39ba95e18847965cd3051ea6d22586609d9011d91df7bc5521288987a82 4232231 curl_7.86.0.orig.tar.gz
 8e31713d4513023e44a2034af660b2af6240a8501cadf153f96431cd34f5fc31 488 curl_7.86.0.orig.tar.gz.asc
 602f79d533ead20e989c5019685b1ce1e2413143f0997f3ad4d8fae8a235c4db 38052 curl_7.86.0-1.debian.tar.xz
 083b6ce88974f141f76951211a255bf06f9dfd2c81fc02f744941105157d6a0d 12775 curl_7.86.0-1_amd64.buildinfo
Files:
 99bde56cc77318c3a70e447c89843102 2955 web optional curl_7.86.0-1.dsc
 f44246e7c13cd91f07095fe63c06353c 4232231 web optional curl_7.86.0.orig.tar.gz
 ebe290e2be2961ce081e50c91e2dbe5b 488 web optional curl_7.86.0.orig.tar.gz.asc
 885580b7f0eea2419ff1fb8859aa6880 38052 web optional curl_7.86.0-1.debian.tar.xz
 aab8842de1c60925fe763e2325892f32 12775 web optional curl_7.86.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmNa814ACgkQu6n6rcz7
RwehVRAAzWjH7odCcqbmHVoC+FJ/bZlcfCY5mz81jRUxwg05IpdhReteACttagTQ
hoCLfD86y2oDwX9WjZPP56qbu7D9r+BvNll3N7cSz0nxNrTMb2lrB75jeoyguoXU
SGJpRWm6vyEyoGCUkSOgY1k3xEIAbwv+wd+rG+70cEv0CqOOdWMAnCTUmp6nbjmw
RH2KyCZZ6/NkkPHwaE00iuM7YLASldgaxAINQ0DpLl9X7AryQErH9xdkZ751iNXU
SCYjxqGBFTMlQDESk7yclprR1D6ynyKdp7Ft7YOkJc9mmcWNln4LbKJkT5VFzyAZ
AmJCLlOI/FXfUzCeYGUTmtJ6kA//eGpinWx0kQehwN+2P12RpiOotJSd4FfILjDO
5fxXJ6VhFwnr7GCICuKnEKw/GsufRKhd4O82uGIXZoFb5kphIKn7/o3cck9765Sh
Ct2Qx1zxHfpCviQlMWpYNEOMv3Y9eHfSLlcNlxKwzUWzCxR05hBSa5zbK9JWwDqs
sG5surFQCMpm0KXi5R1t6FeerCu8vrf6TAW9PZzyFoPyyVYXlnmZxp1Kwzzk5OKD
by/0Sk6b9F4vOxZq0jQwAhMk/MR5DuJK/LjSljG5OO4TuKBLtwcEf0WSNHXGm5OY
8j+2YIvzwIATqNdPb2ggsJGMW8n33njn4E7FNO2x/OVceoF9Y1Y=
=NrgE
-----END PGP SIGNATURE-----
News for package curl
