-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 25 Nov 2017 22:03:21 +0100 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: source amd64 all Version: 7.38.0-4+deb8u8 Distribution: jessie-security Urgency: high Maintainer: Alessandro Ghedini <ghedo@debian.org> Changed-By: Yves-Alexis Perez <corsac@debian.org> Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.38.0-4+deb8u8) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816 https://curl.haxx.se/docs/adv_2017-11e7.html * Fix FTP wildcard out of bounds read as per CVE-2017-8817 https://curl.haxx.se/docs/adv_2017-ae72.html Checksums-Sha1: 15ec6dafba25ae8453d6f502bf559e05dc64149c 2324 curl_7.38.0-4+deb8u8.dsc a8a57b5380f0bcaa6d8cfe425e33eccafd82ab55 43632 curl_7.38.0-4+deb8u8.debian.tar.xz 2a56d98158fc7d6dad6e082d193878eb54d8a40b 200750 curl_7.38.0-4+deb8u8_amd64.deb ceec26742051938e0f04fca4df595ef3ebe1d745 259742 libcurl3_7.38.0-4+deb8u8_amd64.deb 404a6aa8ad23e83f0b562fbfca7891f55ad5db7a 252002 libcurl3-gnutls_7.38.0-4+deb8u8_amd64.deb 9869cf96e6f703af39e872238ea08f6d31c58149 263042 libcurl3-nss_7.38.0-4+deb8u8_amd64.deb 3ed5c3809413e8a955f13edb7e384d503ac2da50 336228 libcurl4-openssl-dev_7.38.0-4+deb8u8_amd64.deb 6934d96e2a648ddd5718cea0b7b9da786f1cfbeb 327504 libcurl4-gnutls-dev_7.38.0-4+deb8u8_amd64.deb 02a1282a517e3d548edd0f6d39ae157d5ea150d3 340054 libcurl4-nss-dev_7.38.0-4+deb8u8_amd64.deb 0707be09a211a149ed019be720d33af74cf4efec 3371552 libcurl3-dbg_7.38.0-4+deb8u8_amd64.deb 5fef89490777f7e7abd6a38eca1df058f109390b 1065334 libcurl4-doc_7.38.0-4+deb8u8_all.deb Checksums-Sha256: d160ead196ea8eefe7f465599f6328a4b90b4d09e934d03f54f5588c0ce45fd8 2324 curl_7.38.0-4+deb8u8.dsc ec846b7e120206cc60f906ed0d846e94bdeb5eada86ed091749208f87d1f20c6 43632 curl_7.38.0-4+deb8u8.debian.tar.xz 89fbc6e5dd1cf28bdd73ea2f3c0e10d935477b34642d80404f357ea25b66edb6 200750 curl_7.38.0-4+deb8u8_amd64.deb 5223505ab3a7e3dc604fdc2c5aadb1fcc46773b490ce7378bdc99b801a5bb274 259742 libcurl3_7.38.0-4+deb8u8_amd64.deb 3e1b509aee34f7499b894a976c5ff383540c6679e8a2cd8ef4d77ea564a5fe32 252002 libcurl3-gnutls_7.38.0-4+deb8u8_amd64.deb 6a97f1528f26e11b36c12df34cf83e780355bf0675c18efac827440ae5589fea 263042 libcurl3-nss_7.38.0-4+deb8u8_amd64.deb 3e9c000d61914ffca15d6326eca3023ab59c52910464489f2ea132fc8190e77c 336228 libcurl4-openssl-dev_7.38.0-4+deb8u8_amd64.deb 1349113a42f85c027b198e70fd903d9560513950f3eec62776c82b3c4839d74b 327504 libcurl4-gnutls-dev_7.38.0-4+deb8u8_amd64.deb 1d25cfa4bade4f86de10a649743187a2329d75e3f74cc481d60bb777661cd726 340054 libcurl4-nss-dev_7.38.0-4+deb8u8_amd64.deb e2d4b85097e5176a886bd4a8cd13c092cd983a510373fa0b31ec3ab0167bb8e0 3371552 libcurl3-dbg_7.38.0-4+deb8u8_amd64.deb 72b769de8c615375036f7eb07113cc73b1d05488dcf0a75b6512fd264383a052 1065334 libcurl4-doc_7.38.0-4+deb8u8_all.deb Files: e0ae57fe8cbd464a5468d591a07b47ea 2324 web optional curl_7.38.0-4+deb8u8.dsc 3c010abe83a4bacde9088b6c51dec284 43632 web optional curl_7.38.0-4+deb8u8.debian.tar.xz b28f1095dded33c84826b46d6ee754ec 200750 web optional curl_7.38.0-4+deb8u8_amd64.deb 3a149c3d94fd958c42aaa3318d81cc9f 259742 libs optional libcurl3_7.38.0-4+deb8u8_amd64.deb 91450798fb2a454929b4aa1330cc0171 252002 libs optional libcurl3-gnutls_7.38.0-4+deb8u8_amd64.deb 68e3168428d5bd8091db90675b3134c9 263042 libs optional libcurl3-nss_7.38.0-4+deb8u8_amd64.deb e85750b2295570068ff2ad473b1d4e60 336228 libdevel optional libcurl4-openssl-dev_7.38.0-4+deb8u8_amd64.deb b65ee05076e48d4c83c08d7a73bea01e 327504 libdevel optional libcurl4-gnutls-dev_7.38.0-4+deb8u8_amd64.deb 5b3b9cbd7ea46e6b766a5b56cb080b2c 340054 libdevel optional libcurl4-nss-dev_7.38.0-4+deb8u8_amd64.deb 06efb778f359d3bb72a6db096970d2e5 3371552 debug extra libcurl3-dbg_7.38.0-4+deb8u8_amd64.deb b86790a5f880988ab759d4c09c92ba35 1065334 doc optional libcurl4-doc_7.38.0-4+deb8u8_all.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlodOYgACgkQ3rYcyPpX RFvQYwf/Wja+kplcGF/ey9Xe1nzGKcXxQuZ771DBVIe/v+KEI46MCvYCT2ysYMLz hw3USTmnTM35VCqOD2XhbqYfchCGScrT4+149OnBfSi2NC7WlCjxgVGebq4vXQvl tGXAplz67dB+q5lvO+TxsKxlntJMbmkpUptdCEEouCCLu+O0skq74V9Y5ticQJsh /1roQgzSSkZCdOz1jnqjj/Fzs2oKyEw3aqN2aCMQX0swW0hUPZupbphc1d0GsdEd qetqxpP/RkEIFuCqDz5hOSzPUtVV1/4QkXPnWAQBxSH8BI8vaH9ufk9Lf/nRXEhZ DGyZ4mGus858iQlQLo5P5a3nvHf4yA== =jSAY -----END PGP SIGNATURE-----