Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted curl 7.88.1-1 (source) into unstable
Date: Mon, 20 Feb 2023 23:04:42 +0000
Signed by: Samuel Henrique <samueloph@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 20 Feb 2023 22:35:53 +0000
Source: curl
Architecture: source
Version: 7.88.1-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Samuel Henrique <samueloph@debian.org>
Closes: 1029231 1031371
Changes:
 curl (7.88.1-1) unstable; urgency=medium
 .
   * New upstream version 7.88.1
     - Fix the following CVEs (closes: #1031371)
       ~ CVE-2023-23916: HTTP multi-header compression denial of service
       ~ CVE-2023-23915: HSTS amnesia with --parallel
       ~ CVE-2023-23914: HSTS ignored on multiple requests
     - Fix curl_multi_socket_action regression (closes: #1029231)
   * d/patches: Drop backported patch added to fix regression in setopt/getinfo
   * d/copyright: Drop removed file from copyright
   * d/control: Update BD to drop transitional package libidn11-dev
Checksums-Sha1:
 3c87f7bcd9454fe21179a5165eff62242449d67e 2955 curl_7.88.1-1.dsc
 6ae5229c36badb822641bb14958e7d227c57611d 4343562 curl_7.88.1.orig.tar.gz
 9222035242431a3ef31d33a2ca3d881bcf4572fe 488 curl_7.88.1.orig.tar.gz.asc
 519c8ba0f1f0f21387ecc06b4c6669565ed8766b 39392 curl_7.88.1-1.debian.tar.xz
 849c224e7ecee6475965db9ee365609e08a74aa4 12644 curl_7.88.1-1_amd64.buildinfo
Checksums-Sha256:
 570273973ead3345db93e0fe1928ebc2cd3778410fa96a21dcea7f65a58f3ff7 2955 curl_7.88.1-1.dsc
 cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7 4343562 curl_7.88.1.orig.tar.gz
 7a5a55d7123149a1b357f298cf895bd0a601e3a2807005ef6c95f3752803485f 488 curl_7.88.1.orig.tar.gz.asc
 8d24c676fcc1f1009706cebf34f52ff1795f783fd385bba3af60211b6d46da95 39392 curl_7.88.1-1.debian.tar.xz
 fafdd633306bd6778309d98906d0a8f16ef34145bb4d09767144185e29cd5a67 12644 curl_7.88.1-1_amd64.buildinfo
Files:
 e03cea8f0db1e0e1094b3b3a64d5d261 2955 web optional curl_7.88.1-1.dsc
 1211d641ae670cebce361ab6a7c6acff 4343562 web optional curl_7.88.1.orig.tar.gz
 08b846caa2ce56ccb4b4caa268b30dc2 488 web optional curl_7.88.1.orig.tar.gz.asc
 d801975a6a3c0bebb72fbfe16579913d 39392 web optional curl_7.88.1-1.debian.tar.xz
 e058c4006be504216963938d466d5d21 12644 web optional curl_7.88.1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmPz+GQACgkQu6n6rcz7
RwdT8w/+MJ/2PUDA42TRxHDWvpjP3HRQU4LDjUMEHf0QCb2Q/8NfFykOHXEViaMK
LG3va2U8zeIZhWeyZkm00UvG3W2M6ERAZBUn2Xtj31HlUzqSW05XSQqpRuCsBNqr
MziaEqtG+gR//fqnyZJd1sos4PW5WksjzKN/GN5xZoAa8hIGeO7m0duBkVrFnSXH
pttUc+0t44IGjlyOKIq2vSFHbfB8Go2UfqG+YCbFtaEddBkBFQ9Tl9Hfp2TWYvqk
Ka4johzJvmHuQdbcFByw6nYqWhZBbl2xuFzMUCVlvFCrOc5r7maHEu9Da6ZP9gjf
aKm9TgR/ymJH2iJCK7MnqUBsT/ldca0YmUUOCTQU/GcEnE1trvJC0sKcwE+8xnet
h7h95XN5z0W0UXwrGeHDb6OHKzUnZxndagYCZSkVy0F6uwCT8umQrnxCikmtTeAv
TirwnEYhIi6fCoW96X+Lc33mkJ/MzQMlpk8PdnumJLk5z6CybrYUcixyvZR23Uy6
SJRHb/yNhsu3iD3wGEyqp0SuOVuYUv0wQ5cn5t05OuOgvdTzuQZEreg/ELmC34Mh
Ik0q97pRyBiwzdD8rLQ2S3d6726YQRWtVywMrhXLsbdSP2iGP26uzO/MoB8THD/H
6zfqJuxzD6grwdC77slPpeFPDbH7yt0HLcXRyTw/vRdAC2ZkHdQ=
=PD3W
-----END PGP SIGNATURE-----
News for package curl
