-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 26 Nov 2017 13:00:56 +0100 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: source Version: 7.52.1-5+deb9u3 Distribution: stretch-security Urgency: high Maintainer: Alessandro Ghedini <ghedo@debian.org> Changed-By: Yves-Alexis Perez <corsac@debian.org> Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.52.1-5+deb9u3) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816 https://curl.haxx.se/docs/adv_2017-11e7.html * Fix FTP wildcard out of bounds read as per CVE-2017-8817 https://curl.haxx.se/docs/adv_2017-ae72.html Checksums-Sha1: d56b42850e5523e1198d348348a1dfa53385509d 2448 curl_7.52.1-5+deb9u3.dsc cd278521776ceec0d8e96ac07019948791d958f1 36636 curl_7.52.1-5+deb9u3.debian.tar.xz Checksums-Sha256: 7a056c950e8e1bc29c1c4274c5eb15e8e1f5aa11fb19f592f85c1abf231701bd 2448 curl_7.52.1-5+deb9u3.dsc 8d87edf83116efb052fd66ebafd233499774ab7b6934da6197fbae0c65e12881 36636 curl_7.52.1-5+deb9u3.debian.tar.xz Files: b76a461cdb07f5990c64f026ad581588 2448 web optional curl_7.52.1-5+deb9u3.dsc 16903e1144a7c9877a6b211f9a336b47 36636 web optional curl_7.52.1-5+deb9u3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAloa+v0ACgkQ3rYcyPpX RFtM9Qf+OPaIDE8mniZy3QK/1pCltvUKz75o/4JVH6cOv6sThSHnUYCuzBOnNpJB DFsf3sJdHHzCG/qMMYasG4Epop7cOSvt3AAeinXb94D06yrGYeTbgeUlwv5/I6eN JQAt3G5an/OKojdMjfUGKJBYromzhLAycKzdWQd1aZRZ56BN3LRQOJwo2lego5OB YmTH8ogFY0q3ETMVAjy3b8aL9yGIdVJjjU3Avwa7Zpoc0YE6UKKv/Ov0+zhIc3Ax 6y+g/BlwlAoUvD5X4ZVc1xN45hJC56lzM5mB1hbpa9bYH32HliPg4t8nYtSHWoSZ ulfXCUIU+IerK1YzXAdQaGEXKFLEzg== =ALec -----END PGP SIGNATURE-----