Debian Package Tracker

From: Alessandro Ghedini <ghedo@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted curl 7.21.0-2.1+squeeze8 (source amd64)
Date: Sun, 13 Apr 2014 17:02:29 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 09 Apr 2014 19:47:38 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl4-openssl-dev libcurl4-gnutls-dev libcurl3-dbg
Architecture: source amd64
Version: 7.21.0-2.1+squeeze8
Distribution: squeeze-security
Urgency: medium
Maintainer: Ramakrishnan Muthukrishnan <rkrishnan@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description: 
 curl       - Get a file from an HTTP, HTTPS or FTP server
 libcurl3   - Multi-protocol file transfer library (OpenSSL)
 libcurl3-dbg - libcurl compiled with debug symbols
 libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS)
 libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS)
 libcurl4-openssl-dev - Development files and documentation for libcurl (OpenSSL)
Closes: 742728
Changes: 
 curl (7.21.0-2.1+squeeze8) squeeze-security; urgency=medium
 .
   * Fix multiple security issues (Closes: #742728):
     - Fix connection re-use when using different log-in credentials
       as per CVE-2014-0138
       http://curl.haxx.se/docs/adv_20140326A.html
     - Reject IP address wildcard matches as per CVE-2014-0139
       http://curl.haxx.se/docs/adv_20140326B.html
   * Set urgency=high accordingly
Checksums-Sha1: 
 50bc91eb47330235b2a5bfddf8e554a1d7c3579f 2151 curl_7.21.0-2.1+squeeze8.dsc
 ec43964ff203a7ef144903d30112934e359793d9 102771 curl_7.21.0-2.1+squeeze8.debian.tar.gz
 f7c5c6fa4d2c3a33f207b6bdd901eec72c0c4796 229044 curl_7.21.0-2.1+squeeze8_amd64.deb
 7f72bfaadfd8dda3dc5f497769ad1796b531c9a2 284748 libcurl3_7.21.0-2.1+squeeze8_amd64.deb
 e2489a9a6fd805ee680aac18a6380086be121791 265604 libcurl3-gnutls_7.21.0-2.1+squeeze8_amd64.deb
 3b45b78e781a933ac08b89b70906ab0316fbde61 1100028 libcurl4-openssl-dev_7.21.0-2.1+squeeze8_amd64.deb
 de31c59a6773bd447b646cfc96f58f089a223b73 1076146 libcurl4-gnutls-dev_7.21.0-2.1+squeeze8_amd64.deb
 cb0a78c21cce9568257d088dc232fc1176955f2e 106632 libcurl3-dbg_7.21.0-2.1+squeeze8_amd64.deb
Checksums-Sha256: 
 77e07245528ae15a97d124d82da14f20ce7c95df89430c0b1d3069132033dee5 2151 curl_7.21.0-2.1+squeeze8.dsc
 85470c161b31e2b5c516bbb243f9d3d1b4d83228d4be2cabce22310a63946980 102771 curl_7.21.0-2.1+squeeze8.debian.tar.gz
 6ded9a857b6e33c61b80416b48b5b7cd38591cde43e617b8b4aecd6f260a869e 229044 curl_7.21.0-2.1+squeeze8_amd64.deb
 d680a70ed55147397ad2126fcd6cdc2769d902771bf91937c6db8415f1c7052f 284748 libcurl3_7.21.0-2.1+squeeze8_amd64.deb
 a08ff8ce95ba6eab73ee80701e27be91ac5d818eeb8ba887ae671c46eed68936 265604 libcurl3-gnutls_7.21.0-2.1+squeeze8_amd64.deb
 f9bc5386461ea7da2558bd6f562ad76385c58c43b8507bcd364bb1a14af33c4d 1100028 libcurl4-openssl-dev_7.21.0-2.1+squeeze8_amd64.deb
 c0cbecd1556383ee1887c4e1461fdd16cadb00b0359a1692053febee64ceea43 1076146 libcurl4-gnutls-dev_7.21.0-2.1+squeeze8_amd64.deb
 047bf02f48563d71ee56a8faaf97975fd24fa4c1c259781eea4513516fda4b29 106632 libcurl3-dbg_7.21.0-2.1+squeeze8_amd64.deb
Files: 
 6d113573d45741d6f69cfab6f2388094 2151 web optional curl_7.21.0-2.1+squeeze8.dsc
 bd41969a372ba02c4d2c9a392d08320a 102771 web optional curl_7.21.0-2.1+squeeze8.debian.tar.gz
 3b5a3dc9e36e351151a5488c4aa85aad 229044 web optional curl_7.21.0-2.1+squeeze8_amd64.deb
 2aec9d8be465ec9810351e6d4ed181ef 284748 libs optional libcurl3_7.21.0-2.1+squeeze8_amd64.deb
 bb758639cf48ab179fa6dc0727203168 265604 libs optional libcurl3-gnutls_7.21.0-2.1+squeeze8_amd64.deb
 52ae75b00eba599cebf740315ded286e 1100028 libdevel optional libcurl4-openssl-dev_7.21.0-2.1+squeeze8_amd64.deb
 d0ae33531f5e544ebe9d293681207ae5 1076146 libdevel optional libcurl4-gnutls-dev_7.21.0-2.1+squeeze8_amd64.deb
 590a7973511a17a95fca8eca59393536 106632 debug extra libcurl3-dbg_7.21.0-2.1+squeeze8_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTRZZ+AAoJEK+lG9bN5XPLwCAP/RmISKZOtwXIIhZqvi+bThgZ
Jm2REeW8mFk48rC1g6VN1TxfOUFMt1MfJioq7cjEom7CnEj1MTKb+6ap6dB+sKeE
b9EXNpmKmJosxpnsZczirldoOXjE4iQ9WfuaWOh9cxMa/O3JCTUnP7yCic3k/sxj
LVVzw3LovzafXK2BfwbDe0U0Yr7Pfw4PzN4jrSNCstBUcQIuW3g6YcQj6O8tbwsw
NIGtDa1EyA96VJJG6NxcPfnhwEoziP0+OTVAzVSRAerVihoz2F77i27JblSKeSKt
zI2lxU9n0LtgUIQmGDVyVO2a5nRQaPFl1y52JXRykZZovioEBSdbgmegst9PPSAV
s1iMGwfcEgtL+A+7hE9iH6YOPnTWTecmFwnBHtIyKgfrE09hCh0zdj2prnh1heHs
NfNu82VmCspQwG1xGXluLzDiPe4DBV3Sx0CsO/BLhBs1nutxGZj8eaGHqKod5fMV
i+yK0mo7eMPg2Lawxm1JhX5xRvB5gYLm+7tpuBIDQoksqfg0UUFgk7gDbFXvikmB
Cz59v7y5dbQ3NvDbYZ5B/drHz2VygOHETdR7FtvDHGwgHqePTffgqsBdqG2MlMXi
FYN1vJG44zvbOx8rJd/GaZoJYDjWVZYbSfXi7WKDsIzUvGLl4ZCmtBrAgAuyXshP
ZeqHutuEBCLBnj2yKu88
=XC1s
-----END PGP SIGNATURE-----
News for package curl
