Debian Package Tracker

From: Alessandro Ghedini <ghedo@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted curl 7.51.0-1 (source amd64 all) into unstable
Date: Thu, 03 Nov 2016 23:35:27 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 03 Nov 2016 22:46:14 +0000
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source amd64 all
Version: 7.51.0-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 836918 837945
Changes:
 curl (7.51.0-1) unstable; urgency=medium
 .
   * New upstream release
     - Fix cookie injection for other servers as per CVE-2016-8615
       https://curl.haxx.se/docs/adv_20161102A.html
     - Fix case insensitive password comparison as per CVE-2016-8616
       https://curl.haxx.se/docs/adv_20161102B.html
     - Fix OOB write via unchecked multiplication as per CVE-2016-8617
       https://curl.haxx.se/docs/adv_20161102C.html
     - Fix double-free in curl_maprintf as per CVE-2016-8618
       https://curl.haxx.se/docs/adv_20161102D.html
     - Fix double-free in krb5 code as per CVE-2016-8619
       https://curl.haxx.se/docs/adv_20161102E.html
     - Fix glob parser write/read out of bounds as per CVE-2016-8620
       https://curl.haxx.se/docs/adv_20161102F.html
     - Fix curl_getdate read out of bounds as per CVE-2016-8621
       https://curl.haxx.se/docs/adv_20161102G.html
     - Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622
       https://curl.haxx.se/docs/adv_20161102H.html
     - Fix use-after-free via shared cookies as per CVE-2016-8623
       https://curl.haxx.se/docs/adv_20161102I.html
     - Fix invalid URL parsing with '#' as per CVE-2016-8624
       https://curl.haxx.se/docs/adv_20161102J.html
     - Fix IDNA 2003 makes curl use wrong host
       https://curl.haxx.se/docs/adv_20161102K.html
     - Fix escape and unescape integer overflows as
       per CVE-2016-7167 (Closes: #837945)
       https://curl.haxx.se/docs/adv_20160914.html
     - Fix incorrect reuse of client certificates (NSS backend)
       as per CVE-2016-7141 (Closes: #836918)
       https://curl.haxx.se/docs/adv_20160907.html
   * Drop 02_art_http_scripting.patch (file not shipped anymore)
   * Refresh patches
   * Temporarily disable IDN support
   * Don't install pdf and html docs (they are not shipped in the tarball anymore)
   * Install markdown docs
Checksums-Sha1:
 073daee259c41e6779839d1f6ef59807f4540944 2681 curl_7.51.0-1.dsc
 d967f37db1a2b49eb3ccc682b97c46e948dfd19a 3441753 curl_7.51.0.orig.tar.gz
 aad50a0bc1c6416f3b5f59293cc2038018d7661c 27016 curl_7.51.0-1.debian.tar.xz
 5fa3785860333c85f401f6602a421793aa8e3247 128066 curl-dbgsym_7.51.0-1_amd64.deb
 6266886e82636ac31c27459ea2c8de298ca372da 222254 curl_7.51.0-1_amd64.deb
 5dacefa80356a7bc61d07024c42e8549a218680a 3951626 libcurl3-dbg_7.51.0-1_amd64.deb
 030a45249592cbf7e41b171e8fe811f8a006ca6d 283742 libcurl3-gnutls_7.51.0-1_amd64.deb
 1f344ffb5c2a859667b788baf77e6eed0036f472 290302 libcurl3-nss_7.51.0-1_amd64.deb
 78dd81f304a5fb3c66953663a3f9d8883867f63c 286282 libcurl3_7.51.0-1_amd64.deb
 b05f4e833f37c3117698ad1f92fd43a8de8f3e3a 800326 libcurl4-doc_7.51.0-1_all.deb
 ac2db320f2b8cc4fb2400d4490421aff1542a18d 365940 libcurl4-gnutls-dev_7.51.0-1_amd64.deb
 0fe584375c5401c28317bb6018c6f40d753f77c6 372682 libcurl4-nss-dev_7.51.0-1_amd64.deb
 a961cec9e1c7571b16929de4b706879f66e2b6cf 368044 libcurl4-openssl-dev_7.51.0-1_amd64.deb
Checksums-Sha256:
 e139d0221798b98174533e4219c7841bd1880a85ce776fb44d9d67d3e9c77808 2681 curl_7.51.0-1.dsc
 65b5216a6fbfa72f547eb7706ca5902d7400db9868269017a8888aa91d87977c 3441753 curl_7.51.0.orig.tar.gz
 be7ec42a13fc8167a5dd8bd092324594f05632b8eb7faef94128281310cc7e6f 27016 curl_7.51.0-1.debian.tar.xz
 ea81de52f7fe5e5cc1100c820f7435dc34de58f141b76a0fcc2885f614126c1e 128066 curl-dbgsym_7.51.0-1_amd64.deb
 25a2fcd051b93fb8ee9fe9f42d09a680b00adc8a359b7fc497f8009d7892efcc 222254 curl_7.51.0-1_amd64.deb
 f9d38671382aa489469242f292eaa9ac55ef81579cffbb13ef09080a988678e1 3951626 libcurl3-dbg_7.51.0-1_amd64.deb
 301e72f6cd523c16bca160223c4af90ee588cabf8d926ee38843043bf48d3b7d 283742 libcurl3-gnutls_7.51.0-1_amd64.deb
 7483d0f3b362212fa7749f36179136645eb85d53d096a23645a706697d758080 290302 libcurl3-nss_7.51.0-1_amd64.deb
 670c638fe8ceaa4893b9f8fa053f49dd691c0f18f96c8e292fd0b875dba78d19 286282 libcurl3_7.51.0-1_amd64.deb
 9a0660465e7d50dee3a3800bfd5d8549dd6ef43f113bb6e4fb029e47243c1f29 800326 libcurl4-doc_7.51.0-1_all.deb
 14c0b036dc5103ba6870c91fdd317b2680a2ad78bcf1b6a1a8212f19c52bcd66 365940 libcurl4-gnutls-dev_7.51.0-1_amd64.deb
 490e87f3858aaa1ab160b9f2972847bca5b5a2887b26c7e2316dd1e8bea1ad97 372682 libcurl4-nss-dev_7.51.0-1_amd64.deb
 79c090d949e2d6b4ac00687473cd5ce02749d52966d53b9ea242a461f24df211 368044 libcurl4-openssl-dev_7.51.0-1_amd64.deb
Files:
 b9bd94cabdd990e60a053f2822e7a8fa 2681 web optional curl_7.51.0-1.dsc
 490e19a8ccd1f4a244b50338a0eb9456 3441753 web optional curl_7.51.0.orig.tar.gz
 4352cee9e0db41aeb02a79634fb048c1 27016 web optional curl_7.51.0-1.debian.tar.xz
 f0cae778ba0ae8bd4b15f38b3887a59e 128066 debug extra curl-dbgsym_7.51.0-1_amd64.deb
 28e74d63ef76e1e0dae52cd05d956a7c 222254 web optional curl_7.51.0-1_amd64.deb
 036d8435a92c52eadb01dcc534eb80c1 3951626 debug extra libcurl3-dbg_7.51.0-1_amd64.deb
 620d73cee382579be2667d4a177bd378 283742 libs optional libcurl3-gnutls_7.51.0-1_amd64.deb
 bf289966f653f96a5f8c006116794110 290302 libs optional libcurl3-nss_7.51.0-1_amd64.deb
 10c542998dfc3535a724d5e8e4de96f5 286282 libs optional libcurl3_7.51.0-1_amd64.deb
 1b6e474c092791a9a127cdc6e895272a 800326 doc optional libcurl4-doc_7.51.0-1_all.deb
 9b61cbbee97c4e98bd6f76c1aa7a9692 365940 libdevel optional libcurl4-gnutls-dev_7.51.0-1_amd64.deb
 51541c66442289f1f28e9ffc7de05510 372682 libdevel optional libcurl4-nss-dev_7.51.0-1_amd64.deb
 b9654f2ab0b87238849482d7fb8f4683 368044 libdevel optional libcurl4-openssl-dev_7.51.0-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYG8UYAAoJEG8My+AhYkcouooQAJbyXW6xkYI7ZyrZJH8Mvm7i
lwxt3Nx4IUP3VIeY8q9OApb9FMPya3B6EvPAq3tCmFNlOuIcXY7LfZz19lOUCPJS
qcQqtFm0gpaO2hTnyJRR2yEx7GSTNAcokdYEcGi9mFaTbAk8Kni2bOgBZtkEdrRM
wed/X87ou1OpsMuZSeopTVeqGqfYCbOilRNTeiggFAaZEoyxl15moRv2RO1S4hgu
dxzDaRIJMWSt/dEM9076m0EG7hG3VDEKdfh9zeiJIeipfpzFoOdv0nkBqFETw+1F
hTjVUw6HSuJVAdTm9ZhQ5/sTigIAyPNcalW5TTRkYRWbrRsYHsiJbezLdaIeKE/D
OoErCkb/FghvCwGzGNlW+zqkniDy7GyDJXj2nZOzYhAXzu4s7sfdOs29mHxCTTvR
6C2lF5tZOV4nVs5jkfj83uFY49sx5cYuMZcelkwnKmjqvoUc6Au5s2xSO9qiVyZf
p3UZ5lbo+iyX7A9WVwjQNMh0EbsEObmzgyILFtrrkoVk0JDfzrJyVpPrnnfYpz67
fMF6vtGW/i6s5ZdSoBk5Q7UvhnjfYBEaV9JkXr/A3N/k7VGy8DzBtr4YaAL76rqW
+w4SbHUBXqCInfVQhLweff1eblz5DmnbR4a4kbEi8BsVEzR0L9nIZd7o3N3121eS
U0FwFrJwnGx2TJuobfXK
=pLFy
-----END PGP SIGNATURE-----
News for package curl
