-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 31 Dec 2022 09:35:15 -0500 Source: curl Architecture: source Version: 7.74.0-1.3+deb11u5 Distribution: bullseye-security Urgency: high Maintainer: Alessandro Ghedini <ghedo@debian.org> Changed-By: Roberto C. Sánchez <roberto@debian.org> Changes: curl (7.74.0-1.3+deb11u5) bullseye-security; urgency=high . * Follow up to CVE-2022-27774: The patch included to address this CVE in 7.74.0-1.3+deb11u2 was not effective and the vulnerability was still present. The patch is corrected and the vulberability addressed in this version. Thanks to Kamil Dudka for providing the patches used in CentOS 8 and 9 and upon which the corrected patch is based. Checksums-Sha1: d14f110e29623cf901fb88ccd2363daee92dacc9 2699 curl_7.74.0-1.3+deb11u5.dsc 5bc7d9450150d2b974db3375e84b52718b4b0098 60336 curl_7.74.0-1.3+deb11u5.debian.tar.xz 8388d931736e3ebf01bdf4dc914150c71795ab4a 13007 curl_7.74.0-1.3+deb11u5_amd64.buildinfo Checksums-Sha256: c43b937336f7efdcef923ff34cdf84d0aeda379e2fe1e3ae2f2762473ddd4c87 2699 curl_7.74.0-1.3+deb11u5.dsc e45ea76251781c469b1684b7c3986fb3acc6af0910dccae564f7d61eef83641f 60336 curl_7.74.0-1.3+deb11u5.debian.tar.xz b36f5af8d69b7c7110533bf60a97491dda807185535e8dccfc0018c3d078b5e9 13007 curl_7.74.0-1.3+deb11u5_amd64.buildinfo Files: 14616507de7b18b3bbce722b83e4a119 2699 web optional curl_7.74.0-1.3+deb11u5.dsc 1f56c615086d906875ebc6d62516d03a 60336 web optional curl_7.74.0-1.3+deb11u5.debian.tar.xz f5fd87aac6213faf2e2a5779475d7613 13007 web optional curl_7.74.0-1.3+deb11u5_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmPS1xsACgkQu6n6rcz7 RwcoeA//ayDmAlRvUJOTKL958mqz6Wh50cAKlkDA4jsBsQiyarrR41CZ08nUyYKW +JN/ebYogjnvr4YU9VVaolTDKTBfJokwx+sOngXb2oaThkeHF4DPXs7C9JB7yLxd 8ISCkgfAHoYI1sYKMJ1o5viF0ReMDa4fuxocGL83vop3+RO6swSJ8+js/54Rdfpy nWtq0WJ2Q1ycOlt8gayjk8cvUzmVudFH6K9SojjW/B1Etjk/aj2cYUHkz/VavCqR uJxyVkyOb6Y7OW7SnweVO39pycH1ANmRB9LukZzQa34sbg+njPAhelYERQyb+h0Z aXyDhLPffuljRwoHmCekNAAufHYmcruocGfZsHMJOHLyqoOmSlWNl3txiCWit1wJ H0uA2J5cEwmyZ3uZWomygCZBSGDeA9pL0N+twxi13AEZp1DcYtn6ndpGh6FgG/FC GwaJufZzLTQ3HKHRTa0b7ctxedPxen41iSwEv+jXf6K9BGfsDlSMegD84QB4FoQS RO8txdAYvBhlnX2kB0eONwO5UewOR0q7p/PWCy4yihnt6wGTMV3VrWgjNILNMYwA /VWrMC6WCx5dYuf/6FJEDm/W4vE5G46ddq6GvEAJIQz2YUAGIOkZmCfD532Ocraa kxJgaUJlANHApqISy8lZoHPuL+EvzM56kSN2sqHOJpcOrmnK6bc= =++DG -----END PGP SIGNATURE-----