Debian Package Tracker

From: Balint Reczey <balint@balintreczey.hu>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted curl 7.26.0-1+wheezy18 (source amd64) into oldstable
Date: Thu, 29 Dec 2016 16:50:16 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 28 Dec 2016 17:23:47 +0100
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg
Architecture: source amd64
Version: 7.26.0-1+wheezy18
Distribution: wheezy-security
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Balint Reczey <balint@balintreczey.hu>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 848958
Changes:
 curl (7.26.0-1+wheezy18) wheezy-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2016-9586
     libcurl's implementation of the printf() functions triggers a buffer
     overflow when doing a large floating point output. The bug occurs
     when the conversion outputs more than 255 bytes.
     If there are any application that accepts a format string from the outside
     without necessary input filtering, it could allow remote attacks.
     This flaw does not exist in the command line tool.
     (Closes: #848958)
Checksums-Sha1:
 3ed3ce6cac7e8448e9b1f2bddfc8772bcfbcda41 2520 curl_7.26.0-1+wheezy18.dsc
 497264b0fdc5e01a3c7b2fba926d121762b56ac0 65093 curl_7.26.0-1+wheezy18.debian.tar.gz
 bf48dedff24a5ce91a4111ff94f710fb06268f8a 272936 curl_7.26.0-1+wheezy18_amd64.deb
 1b9b5dededc843b62ca3c94b16f10dfed19a8546 333616 libcurl3_7.26.0-1+wheezy18_amd64.deb
 0a80acb3577fa8e79533dab9f7269c8e0287b813 324730 libcurl3-gnutls_7.26.0-1+wheezy18_amd64.deb
 5b51d3c964faf06a3cca0c142a79d7462eaeb8b1 331434 libcurl3-nss_7.26.0-1+wheezy18_amd64.deb
 577a852b3f1109492ee1c0f9aba0fe7f307c0a0f 1275082 libcurl4-openssl-dev_7.26.0-1+wheezy18_amd64.deb
 b09f8670fe19a8cc63472edc1c3af6b7236a249a 1263818 libcurl4-gnutls-dev_7.26.0-1+wheezy18_amd64.deb
 4b8aaad15a90c3b21c996e86021598f2185e39d2 1271406 libcurl4-nss-dev_7.26.0-1+wheezy18_amd64.deb
 9b32c1a09358544637d6d7713afc572b1c53bb4f 3309712 libcurl3-dbg_7.26.0-1+wheezy18_amd64.deb
Checksums-Sha256:
 37fa66d05c8c7caa4434cff65045ac8c54accfd902130ff7d56a6088d3c45785 2520 curl_7.26.0-1+wheezy18.dsc
 a19eadf33ade3221a9a4aeb8aba04902965aedcb73202d372b7c538d7feadcff 65093 curl_7.26.0-1+wheezy18.debian.tar.gz
 2852acf251e9989dfb57e91a9d11781102b639fc31ca130bde9968f110a2379e 272936 curl_7.26.0-1+wheezy18_amd64.deb
 e327743df4fe5c174fc8e8e14650bef6b52d1a239d11bd4a8bf11b5be02d263a 333616 libcurl3_7.26.0-1+wheezy18_amd64.deb
 607be05a5d4d2de8b8c33d52e1e5b4b56e829dac43b834cbafb8a3325839121a 324730 libcurl3-gnutls_7.26.0-1+wheezy18_amd64.deb
 a6f8bac82372464cd2c71fd44f7efbdd82354620b5c40568c3b0b06255037ed0 331434 libcurl3-nss_7.26.0-1+wheezy18_amd64.deb
 0d81d08c840eefe200b73cefc5ae3c2317776180be42484a6e8ca3c569984efc 1275082 libcurl4-openssl-dev_7.26.0-1+wheezy18_amd64.deb
 dc1fb56042dc50b94c7480aceff094e0cb6e88c9002a4c9e0669df0ae2c32996 1263818 libcurl4-gnutls-dev_7.26.0-1+wheezy18_amd64.deb
 4e0b2a44092181c89457a0841efa107740140417d6ae8d6004f9e8b65e38a907 1271406 libcurl4-nss-dev_7.26.0-1+wheezy18_amd64.deb
 d32dfd8f939d8daa2c34bbf39969f8e8e76c4772988f97fb9155171adeda24f8 3309712 libcurl3-dbg_7.26.0-1+wheezy18_amd64.deb
Files:
 bfd93bee2ac7bfeef971a7532f06b2bf 2520 web optional curl_7.26.0-1+wheezy18.dsc
 1c8798cdae93883b15a5c2d828752641 65093 web optional curl_7.26.0-1+wheezy18.debian.tar.gz
 cefebe44e62d90e7db5ec23c96624714 272936 web optional curl_7.26.0-1+wheezy18_amd64.deb
 7bf69cd845dbda4d472c5d27477855cf 333616 libs optional libcurl3_7.26.0-1+wheezy18_amd64.deb
 68f3e5c020f2e068367415be6318f8a1 324730 libs optional libcurl3-gnutls_7.26.0-1+wheezy18_amd64.deb
 ab52ccce6893e956643a3d9650aed7fa 331434 libs optional libcurl3-nss_7.26.0-1+wheezy18_amd64.deb
 44f51d9c4989dd673310edb1d1943e5e 1275082 libdevel optional libcurl4-openssl-dev_7.26.0-1+wheezy18_amd64.deb
 12038a8cc67c953678e9ff4edde4850e 1263818 libdevel optional libcurl4-gnutls-dev_7.26.0-1+wheezy18_amd64.deb
 d9e9f62add2d15d01eda3a03549535e1 1271406 libdevel optional libcurl4-nss-dev_7.26.0-1+wheezy18_amd64.deb
 556485956352d1b59a273c29dffd7ac3 3309712 debug extra libcurl3-dbg_7.26.0-1+wheezy18_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYZPzaAAoJEPZk0la0aRp9xosQAIMeiWzctRXxjyofi62TLNEZ
3UA2zJHVw9q9we37YBcrsJVGjatLehj9Nl6c+FRgDKmyUwf/+fKABXfElwilCnWw
Nz98N1AboTMb3kdRmnTdjEMnO2cfk6uYnM33Cy7SjZ19aKaqPRKk07ldIDEzmFdU
3hvpNtfnTcfu5Izy6b3b8iK5Jfy6m44rHJlJdrvs/a6UucpG+L5B7i24SM0s3s+4
kSe6iFc1G14KNJCiSfXnobKZXYmOLxIPp0tm2OGTn8n7hs7WK62eZQLEgFyBHo7Z
/mMWOIXpbJ7gvyiXvfcXl2m4JaH9y0mj2RTA+Mcikf41EhExjKfE0H0N9S1tIpwq
nO/dQUqCslZ9snCdNDdKlfOCrWkdl7Z3x5C4HHpSUDa/NHGypIrg1bNce06DOz3E
s9obZatSrH5CheJg5G/9AY7sEzMk6IM+87jNiiSMb0Xloh8HYHuDvA4qS1qUoWp7
UICUkWCT6fpwU7yxDyypNYC+XYhnS9G+AP34fsJes23v7IBrAsYF/Dr92o/yN6YC
As7lOC6svjdEEpb+IiWnwCYPOoUZhkn+SG0eUPke05D10ZUdWwNQY4SUp/I/pmC8
vs1QanNrE7UnodnUaJeol91y7tHcaEwBS4U287sOD429I6M6orR0Qegjp40MPQrj
tUEL4NBjSgc0jagZw4E5
=+ugx
-----END PGP SIGNATURE-----
News for package curl
