Debian Package Tracker

From: Alessandro Ghedini <ghedo@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted curl 7.38.0-4+deb8u5 (source amd64 all) into proposed-updates->stable-new, proposed-updates
Date: Sat, 05 Nov 2016 18:47:30 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 Nov 2016 21:38:10 +0000
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source amd64 all
Version: 7.38.0-4+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.38.0-4+deb8u5) jessie-security; urgency=high
 .
   * Fix cookie injection for other servers as per CVE-2016-8615
     https://curl.haxx.se/docs/adv_20161102A.html
   * Fix case insensitive password comparison as per CVE-2016-8616
     https://curl.haxx.se/docs/adv_20161102B.html
   * Fix OOB write via unchecked multiplication as per CVE-2016-8617
     https://curl.haxx.se/docs/adv_20161102C.html
   * Fix double-free in curl_maprintf as per CVE-2016-8618
     https://curl.haxx.se/docs/adv_20161102D.html
   * Fix double-free in krb5 code as per CVE-2016-8619
     https://curl.haxx.se/docs/adv_20161102E.html
   * Fix glob parser write/read out of bounds as per CVE-2016-8620
     https://curl.haxx.se/docs/adv_20161102F.html
   * Fix curl_getdate read out of bounds as per CVE-2016-8621
     https://curl.haxx.se/docs/adv_20161102G.html
   * Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622
     https://curl.haxx.se/docs/adv_20161102H.html
   * Fix use-after-free via shared cookies as per CVE-2016-8623
     https://curl.haxx.se/docs/adv_20161102I.html
   * Fix invalid URL parsing with '#' as per CVE-2016-8624
     https://curl.haxx.se/docs/adv_20161102J.html
Checksums-Sha1:
 53595b99900cd174bdbd3f2645e5a8844f33f5a3 2637 curl_7.38.0-4+deb8u5.dsc
 1cef59496c5e3e1580aa531d73f7891f4efbb726 40224 curl_7.38.0-4+deb8u5.debian.tar.xz
 1d92011991c0074b7d0a667588780d3c919dbf30 200492 curl_7.38.0-4+deb8u5_amd64.deb
 9b23f6f5fe8e0332443b0411bea7a8e2503e8c21 259412 libcurl3_7.38.0-4+deb8u5_amd64.deb
 21d1ee2a50c2314b2c39c207bac8f8f3ad74af68 251564 libcurl3-gnutls_7.38.0-4+deb8u5_amd64.deb
 d1f7c52a2cce7cb9f72586ecb2d97f504d1219bb 263042 libcurl3-nss_7.38.0-4+deb8u5_amd64.deb
 0f917190a1f128caa17378471c278b0cf4d0ef03 336678 libcurl4-openssl-dev_7.38.0-4+deb8u5_amd64.deb
 544d4d9c9bfe0a794fb507cf1682c6e26fae326e 328368 libcurl4-gnutls-dev_7.38.0-4+deb8u5_amd64.deb
 1645a0e9fea9821d89093afd3ec0ebf85a5ce28c 340930 libcurl4-nss-dev_7.38.0-4+deb8u5_amd64.deb
 46bc8918dd1686e064269e17eca6f129158e54c6 3364932 libcurl3-dbg_7.38.0-4+deb8u5_amd64.deb
 d3a1de3b7ff3ccf306531184def46d474dc0e375 1066444 libcurl4-doc_7.38.0-4+deb8u5_all.deb
Checksums-Sha256:
 2b5e0bf7ea27efaa23d3274a487227436a8b6777dc571c957ae1c9fb4e455d8d 2637 curl_7.38.0-4+deb8u5.dsc
 3f917091d1694a77852fe05293dafff079382e70d93f62f7de5c61f1812cf69d 40224 curl_7.38.0-4+deb8u5.debian.tar.xz
 1cf92bd34981b070ec70e023cc162b8be857e03be1170697c2824dd167f11983 200492 curl_7.38.0-4+deb8u5_amd64.deb
 5604a7ab988a30c82ab5cc9498bbf17f58719bdfc891ee65267be7019a5ca842 259412 libcurl3_7.38.0-4+deb8u5_amd64.deb
 5fa22ca0d16083ed24935a3848e73d2fdccab6ed6b349b9e966260a20ca0cd10 251564 libcurl3-gnutls_7.38.0-4+deb8u5_amd64.deb
 6086cf81f0ba25e1d5b175b4e9179d7b89c2d5d14d227fd101de9103eb9b7775 263042 libcurl3-nss_7.38.0-4+deb8u5_amd64.deb
 1d8a76cd4c84ca3763c1ce59b46e5226c6c319b52a45f1dc486816080dad5486 336678 libcurl4-openssl-dev_7.38.0-4+deb8u5_amd64.deb
 1aae8a60f883fb7131a14a89938fe51c584e3fcdfa603fcc4f06f7b41ed57613 328368 libcurl4-gnutls-dev_7.38.0-4+deb8u5_amd64.deb
 38a508014e763510159c3b7326c21c2afc95d773b4446711ed23ddce9eff21ef 340930 libcurl4-nss-dev_7.38.0-4+deb8u5_amd64.deb
 237e3557af35119f86e1c249431f45e247bc0d286472c46627709f9b146079b2 3364932 libcurl3-dbg_7.38.0-4+deb8u5_amd64.deb
 e75985bf3af28ea502f9fc3300a33e6ed5f272d027f2b0be18f48c7756b9f467 1066444 libcurl4-doc_7.38.0-4+deb8u5_all.deb
Files:
 b9bb17b2505597e165e1e3582b56f6e4 2637 web optional curl_7.38.0-4+deb8u5.dsc
 3952064d2d984ad33b962cab88a40ca3 40224 web optional curl_7.38.0-4+deb8u5.debian.tar.xz
 2ff2352a3e7baa12e0ace3cf58ef7e47 200492 web optional curl_7.38.0-4+deb8u5_amd64.deb
 15e8a9b84e877afb94be725769395c63 259412 libs optional libcurl3_7.38.0-4+deb8u5_amd64.deb
 2911dd20aa77977d2310cb5732d73b41 251564 libs optional libcurl3-gnutls_7.38.0-4+deb8u5_amd64.deb
 c05f3e22cd13f8bf721cebbfe25ccfd0 263042 libs optional libcurl3-nss_7.38.0-4+deb8u5_amd64.deb
 eba213cf9ec9244742116a841ec72cd9 336678 libdevel optional libcurl4-openssl-dev_7.38.0-4+deb8u5_amd64.deb
 5eedecac827b303179340de6a12faa82 328368 libdevel optional libcurl4-gnutls-dev_7.38.0-4+deb8u5_amd64.deb
 2808bb6e4239c5ec4c6a86eb4e5ef78a 340930 libdevel optional libcurl4-nss-dev_7.38.0-4+deb8u5_amd64.deb
 955326de6b8b29e156f9b707491f5a7f 3364932 debug extra libcurl3-dbg_7.38.0-4+deb8u5_amd64.deb
 5a1d583c8569d40ec3004c5bc6c00c3b 1066444 doc optional libcurl4-doc_7.38.0-4+deb8u5_all.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYGSQWAAoJEG8My+AhYkcojOEP/1SqPsEcB2hdDLgPlsdz9cAx
n56a/bjkewQOJElwEP3h+1F5qBkM3ISjtMB6xGWk5sBklNEhrfJ4k4PW/eDROvkf
8GNRdrVoJtsc82lzZvy1pvYwtXSods62NqRX0Oq5omJJEoXHhlXlmnR9U84d8esU
FwnPAZhDZA/90Djnd46U03Cw3JYqTAyueH6asBfug9MYj41RRTAVvpG5I1WW/g9N
9QsvXAr0nRYN3diQFf7oVFbbid5jqXA7F/8XDHtv3N2iTsu8/Gj8jdFMC6TaQ22Z
mjF1EVy94JZEkK0X9QPJCBeRMX+w/+gFDX94iQzgTXRCVe5Hrex2fEW5fwxfotqL
jNBLsCtGIn8niS5EvVPIwxhwxut9YZHVHuVRMQzu2ryI8eihc63XQez+NkLG8HJg
FCJLKWoUU+FmAg2HgZL6MJd3uIZ83hMN+8UDxwN5KGNFNf9tvZQ0ewC1I5L0blRI
ssNWjEo7d+ppQno7hkPghqgkgqZCQlqhkuBvH4SVTDo+gSZCLm+xOf2wUklVxdUK
QC1WDvPVypmNAe0AjPumv6Rs9OiOnBkVQV1d2C/HCWm8ChMpbrBBRRVED4MD2V5c
aQTVqzx5BptHufBS6D8huwaLl5uKrspyXG51jHEWQi5U3vBWIhohh8N39xS/13gN
QDjfM/wymrP1JdBqEstF
=D45/
-----END PGP SIGNATURE-----
News for package curl
