-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 11 Mar 2009 15:33:08 +0100 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl4-openssl-dev libcurl4-gnutls-dev libcurl3-dbg Architecture: source amd64 Version: 7.18.2-8.1 Distribution: unstable Urgency: high Maintainer: Domenico Andreoli <cavok@debian.org> Changed-By: Nico Golde <nion@debian.org> Description: curl - Get a file from an HTTP, HTTPS or FTP server libcurl3 - Multi-protocol file transfer library (OpenSSL) libcurl3-dbg - libcurl compiled with debug symbols libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS) libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS) libcurl4-openssl-dev - Development files and documentation for libcurl (OpenSSL) Closes: 518423 Changes: curl (7.18.2-8.1) unstable; urgency=high . * Non-maintainer upload by the security team. * Include upstream patch to prevent overwriting and reading arbitrary local files or command execution via malicious redirects depending on the setup curl is used in. NOTE: This update introduces a new option called CURLOPT_REDIR_PROTOCOLS which includes the protocols curl will follow on redirects, scp and file are not included by default (CVE-2009-0037; Closes: #518423). Checksums-Sha1: 5d86f1c5a62a9dbf0a6d5dfd4b1c1b2d1ef7d456 1402 curl_7.18.2-8.1.dsc c08b70a2a04bffdb5f7c9693a7e96b0c0b4225ee 27463 curl_7.18.2-8.1.diff.gz 201e466faddd0b2d1ddfea8dbdcf07f8815df266 209292 curl_7.18.2-8.1_amd64.deb 168e65729c0cbfe9ce490cac00039d01abebfe9f 230774 libcurl3_7.18.2-8.1_amd64.deb 7363c7adf13e8e56dfd34701fc346825eb03361b 214634 libcurl3-gnutls_7.18.2-8.1_amd64.deb 7c1f31999070b009ce1b2c0621031987470eef8d 951892 libcurl4-openssl-dev_7.18.2-8.1_amd64.deb 063cc9300736d13a8e0766638c779ebb676c7952 931676 libcurl4-gnutls-dev_7.18.2-8.1_amd64.deb 8499ed1e212a0196660bde6905b0a4b877a7b099 1180246 libcurl3-dbg_7.18.2-8.1_amd64.deb Checksums-Sha256: 2d257683cc160bbbc3fd357852ce74d6f14e459a390fca1cf9e6a88c411c662d 1402 curl_7.18.2-8.1.dsc d7bb99e6a2334519a0db16fa11a03af98a8ed5649c805eeadcfbce2cc51588f7 27463 curl_7.18.2-8.1.diff.gz 833218d98cc56e476b654be3858ee911f91247a284a65fb0f099ac899cd8ed77 209292 curl_7.18.2-8.1_amd64.deb c0fe7861386408e28d9e038c2b10dd07f84b387cf659879dc94f2eb9dc2690bd 230774 libcurl3_7.18.2-8.1_amd64.deb 8d21a992290a5aa9e3fd03919dc37a52fd67fe6f2c3a104e8e48a5c508590892 214634 libcurl3-gnutls_7.18.2-8.1_amd64.deb 119e00b147abcb74738f29ca98b37578ef32102bfc5f41d4e84f8a7cc406929b 951892 libcurl4-openssl-dev_7.18.2-8.1_amd64.deb 8b4a0d71b8e43bd867c02ab4dce57f27608a59a7be610a34288a39b0cb99de9d 931676 libcurl4-gnutls-dev_7.18.2-8.1_amd64.deb 64d30157ad6f8d0e3cc70462a002ee60bf7a0cd89a5383812005cc387790aabe 1180246 libcurl3-dbg_7.18.2-8.1_amd64.deb Files: b74779128eabfe37571c5112ce10e91b 1402 web optional curl_7.18.2-8.1.dsc 0a643b8439c6d1fa7b91c0b27da5d781 27463 web optional curl_7.18.2-8.1.diff.gz 736a5cdfbebef5180d02a4f47fe6f66a 209292 web optional curl_7.18.2-8.1_amd64.deb 11c1a30604adef38c161df23ecae82a8 230774 libs optional libcurl3_7.18.2-8.1_amd64.deb debce426c791274182376458f48a1615 214634 libs optional libcurl3-gnutls_7.18.2-8.1_amd64.deb a33a48f2fbf9c1bc51303e0b4e25c0e3 951892 libdevel optional libcurl4-openssl-dev_7.18.2-8.1_amd64.deb 0a5d0758b31a6dfffee57e59e16b95d7 931676 libdevel optional libcurl4-gnutls-dev_7.18.2-8.1_amd64.deb 286f14c07e59801ebb19d0b89a0f74c1 1180246 libdevel extra libcurl3-dbg_7.18.2-8.1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkm30iAACgkQHYflSXNkfP/CRgCfeExSasg9ZuGGYbEGTzGuL595 6MYAn1IIlBuFYc2cWFnBz0cbqFCmJpbY =qld8 -----END PGP SIGNATURE----- Accepted: curl_7.18.2-8.1.diff.gz to pool/main/c/curl/curl_7.18.2-8.1.diff.gz curl_7.18.2-8.1.dsc to pool/main/c/curl/curl_7.18.2-8.1.dsc curl_7.18.2-8.1_amd64.deb to pool/main/c/curl/curl_7.18.2-8.1_amd64.deb libcurl3-dbg_7.18.2-8.1_amd64.deb to pool/main/c/curl/libcurl3-dbg_7.18.2-8.1_amd64.deb libcurl3-gnutls_7.18.2-8.1_amd64.deb to pool/main/c/curl/libcurl3-gnutls_7.18.2-8.1_amd64.deb libcurl3_7.18.2-8.1_amd64.deb to pool/main/c/curl/libcurl3_7.18.2-8.1_amd64.deb libcurl4-gnutls-dev_7.18.2-8.1_amd64.deb to pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-8.1_amd64.deb libcurl4-openssl-dev_7.18.2-8.1_amd64.deb to pool/main/c/curl/libcurl4-openssl-dev_7.18.2-8.1_amd64.deb