-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 21 Feb 2023 08:47:56 -0500 Source: curl Architecture: source Version: 7.74.0-1.3+deb11u6 Distribution: bullseye-security Urgency: high Maintainer: Alessandro Ghedini <ghedo@debian.org> Changed-By: Roberto C. Sánchez <roberto@debian.org> Changes: curl (7.74.0-1.3+deb11u6) bullseye-security; urgency=high . * Follow up to CVE-2022-27774: The revised patch for this CVE in 7.74.0-1.3+deb11u5 contained a defect such that it incorrectly manages redirects with authentication. As a result, authetication credentials are cleared in some instances where they should be retained, breaking certain requests. The patch is corrected in this version. Checksums-Sha1: 5fe4ce52f3643843570c213bb0bbbc18066d3d03 2699 curl_7.74.0-1.3+deb11u6.dsc 293b5c4cc6ce1f7cbc23a4a31a858a7d1c7212a0 60504 curl_7.74.0-1.3+deb11u6.debian.tar.xz a7304b4956be30b6cf50738ee1e20d5cc6259697 12923 curl_7.74.0-1.3+deb11u6_amd64.buildinfo Checksums-Sha256: ff18210daf9aa1be32d6f27d662452e7c1d8ed672783944a26218c701d8685c7 2699 curl_7.74.0-1.3+deb11u6.dsc 03714e1ef22779fe42baf5975d6989e93a36de0b693591b8581d3da8480ae0a3 60504 curl_7.74.0-1.3+deb11u6.debian.tar.xz 2daca39e35ed1fa34717df7b5f5e8a91e0e7919274283803b8ad21e224a1425c 12923 curl_7.74.0-1.3+deb11u6_amd64.buildinfo Files: 5f41d83ac8fc5c7676c7c6ac31d7e54a 2699 web optional curl_7.74.0-1.3+deb11u6.dsc 806b712c2d027f964f924420f8ddaf18 60504 web optional curl_7.74.0-1.3+deb11u6.debian.tar.xz 3f136f74ab4f2fb775e76a670e54920c 12923 web optional curl_7.74.0-1.3+deb11u6_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAmP02skACgkQldFmTdL1 kUJl8hAAtSHwcW3CTcStZ0wQ4c77T6kezzr7EYTj6OVTxrBIgqgJkt0uh4qWzbmJ SR0Z+EQXvO312MqIPRzZuQXK0fJ7stuHKGq7rAJcpwDtv8vRRE6T5DL0PYRBrg36 lpK+BcNKY5fg2Z8MsZbuEzAsGxrOqTB8dmqlvUFBKLoaPrHeVKLOeWt10x9m+aHg YN1OjGHYiRGIk2UoQ1j2CSIZSLq8/nIMSD1/hTg6lzFAwqf0p0erhh18fCB7Je00 dLryHnZ5YixOmRivXclqW/YDn4jg9cEX18zwNGffCC53z4ex65gBIwvpMIVC472N q1UlETVDlbos1UkvXMNoPsclVZClwySnma0PBjJCLs65h5R1hRAOwIy8N4Fl8TGd l8xiVl+jyY3LtmViIch/X4WmhcNj3Eu62y03wakQoT7WhgODmKZVtDPifyQRI24D i+GiEF/GKQF/gPNS9SWwiQoX+O4LC2vkZpZBSCJdp/+9snXL4T8l8rEO/63ctcpU a5NsEJ4ca8cx/XjPbrcfKVyKqJWqFVk8TZ7WREdkZpinbk133WVeNdv2gBocwo3m pswzP+YMqccknrBP3cTxQ0SuyxS2GQ4k5wDRbKL7OCD18BeNTuz7piGFTVDFK3Tt 6JNyyTpxkpb2Q44g29QnQ3iKJLoBHVt5L+oVqW7j7Pb41Ur9EY4= =MLhw -----END PGP SIGNATURE-----