Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted curl 7.86.0-3 (source) into unstable
Date: Wed, 21 Dec 2022 21:50:30 +0000
Signed by: Sergio Durigan Junior <sergiodj@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 21 Dec 2022 15:55:18 -0500
Source: curl
Architecture: source
Version: 7.86.0-3
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Sergio Durigan Junior <sergiodj@debian.org>
Closes: 1026829 1026830
Changes:
 curl (7.86.0-3) unstable; urgency=medium
 .
   * Fix two HSTS-related CVEs.
     - d/p/CVE-2022-43551-another-hsts-bypass-via-idn.patch: use the IDN
       decoded name in HSTS checks.
       (Closes: #1026829, CVE-2022-43551)
     - d/p/CVE-2022-43552-http-proxy-deny-use-after-free.patch: do not free
       smb's/telnet's protocol struct in *_done().
       (Closes: #1026830, CVE-2022-43552)
Checksums-Sha1:
 05f0961a9715c55c229ef61e3987a368f79bae76 2984 curl_7.86.0-3.dsc
 1d1606131b7457c50a84f869efd357ada13284ac 41656 curl_7.86.0-3.debian.tar.xz
 6bf113b5b0b83aa5da28bcc94285b340dd6a1ce0 12826 curl_7.86.0-3_amd64.buildinfo
Checksums-Sha256:
 0d827d32b5a11cfc755fac6df75641ac2a6236ceec4e1ada1086b8505835d58e 2984 curl_7.86.0-3.dsc
 466e1fcf4fa5726ef86ee254c8725e11837395ebb9c41ee13fa4cea15b77956f 41656 curl_7.86.0-3.debian.tar.xz
 5cd8d28cdd6798ed67caee5c80732cbd5befb84682b0af4817f69bfeffb84873 12826 curl_7.86.0-3_amd64.buildinfo
Files:
 1e7d4bd4084636525d7a2b8706b56833 2984 web optional curl_7.86.0-3.dsc
 d803d3feaee509f9ad57979488c5ca9a 41656 web optional curl_7.86.0-3.debian.tar.xz
 fc56bcf4ae7e335fdf0eccfe562d7dd5 12826 web optional curl_7.86.0-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEI3pUsQKHKL8A7zH00Ot2KGX8XjYFAmOjeioUHHNlcmdpb2Rq
QGRlYmlhbi5vcmcACgkQ0Ot2KGX8XjazcxAAgCSsR7wCWZg+tCx2gzQTMejrlinv
eVxXvVzTAdHvf5YauNL+qYSY5quo3E8yDsYn3mDr5PCE1ge6xDk7idR+ziq/WOQQ
vR1tFsLCNbmB324+UVGe77tAcE4ECSlScVX+P0b9vUFeSRgrexXv5NVGGce9AE+U
Pfdly1yJugLC3bveqy3agMCcOMLKH9UZyErUXHMML/+aESNbFlPkUMPRzk5K9PW0
v2bZRmvlmlX4beAJI9YzY7DNPPPUiDmy5FvvmckfP7tn1yb6yPJ/J+w2N8f97738
4RoeUPVqX1JfC1m1lkwdoYMLM5gd+1PYCIjKbzUlZsnL9B5VXPi+vYcWXzpJNCSn
fiHXAAjMgR6deAi/v88sd8TB1hhrBn4GoEXSilSpInEBhoYFfMUuKCO4Ku4MBljg
wpjBhrdCQ02T7IYU1iBZ8TQu23gb7/aj9r8i722AYBnmNEcYFmytuXAi36z1Cg2y
k8TLG6BLvNE6DXXrg4rnTZTsWWZgWWaIW+UeLmsjYAzWzjPXbZChp7lhZ2u8B4vg
K4UeeduPTs0HB6rXUZD4Et15SFVQrCRHfqJXNey8cyRTHpNnHvGSv63hrBMbAiH0
AuXz5Y4h77aPAKe1cGTNv6PF2k5QuOm7gc3FPNwbJpgF3sO3uE53Arp7qD2o0VWQ
6oWyZqFRBKErPss=
=Bkbs
-----END PGP SIGNATURE-----

News for package curl