Debian Package Tracker

From: Alessandro Ghedini <ghedo@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted curl 7.58.0-1 (source) into unstable
Date: Wed, 24 Jan 2018 11:50:13 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 24 Jan 2018 11:13:58 +0000
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc
Architecture: source
Version: 7.58.0-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.58.0-1) unstable; urgency=medium
 .
   * New upstream release
     - Fix HTTP/2 trailer out-of-bounds read as per CVE-2018-1000005
       https://curl.haxx.se/docs/adv_2018-824a.html
     - Fix HTTP authentication leak in redirects as per CVE-2018-1000007
       https://curl.haxx.se/docs/adv_2018-b3bf.html
   * Point Vcs-* to salsa.d.o
   * Bump Standards-Version to 4.1.3 (no changes needed)
   * Bump debhlper compat level to 11
   * Refresh patches
   * fix insecure-copyright-format-uri
Checksums-Sha1:
 cfb27eab9776b0d50b6366ef99f95ad3307d14c0 2678 curl_7.58.0-1.dsc
 089f17884d672aca7a661a65d847135f2f0ccbbf 3879728 curl_7.58.0.orig.tar.gz
 3f7f3f43acd9e4861ecf9b30a5c40feb2a54144a 27804 curl_7.58.0-1.debian.tar.xz
 20ad0130b2456131d6d04e0c5ff54130aa69384b 10864 curl_7.58.0-1_amd64.buildinfo
Checksums-Sha256:
 db4217fce48ce2c413e613ff38071a96cf717b3370b318520f681294e749c128 2678 curl_7.58.0-1.dsc
 cc245bf9a1a42a45df491501d97d5593392a03f7b4f07b952793518d97666115 3879728 curl_7.58.0.orig.tar.gz
 4cfe2f23f78da726564a41258e6217d024262b65dcc110d1123cd084ad7a91dc 27804 curl_7.58.0-1.debian.tar.xz
 3ff9288df56a3edee4fb15686ea5d74d871e579fc595d6d61ac0fae759cb29ed 10864 curl_7.58.0-1_amd64.buildinfo
Files:
 4adab4491505bb386f089ac1a2bbbbff 2678 web optional curl_7.58.0-1.dsc
 7e9e9d5405c61148d53035426f162b0a 3879728 web optional curl_7.58.0.orig.tar.gz
 acf548ec80274a4b33cf6ee212f3b3fc 27804 web optional curl_7.58.0-1.debian.tar.xz
 90c472bf2e54ba111ebdf931f316352f 10864 web optional curl_7.58.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlpobBkACgkQbwzL4CFi
RyiRwRAAgbr7Zx2gdZbIbU7BvNdBLHEJ55T57jfhWLd0/VURPm4j0A9nbn4XMs2R
73jJHmheotuXXToZ0pmhXVvw9ZZxdsb0dxonE2lUmmwQQm0h96HGUBSx0RgK2Cta
QAg4T9f6dFVbp42gyfn74fqcZW3YPZyApc3uHDGNw8MwZwiLQWWQ4WEYrg1iCtjq
t2GJKkWFMvCon0XX3XK0zRhGCTDwnknSnBcAfeFUC1J5lH+3RKr6TJxxccF8dRln
GkWatd06he9T4/W7MM137mNGgyQZId5G65vqkSkLxOKJU3mNQu9bZxgUYtg667Tz
snRzik/tTslrdWyCWp7IdrRtnpVIvO1TPan6Cz5fgJRENXb4nMUSw0lUnyNsjgO+
24yy0Q8lL1ZG0Jj5uZbgLB3ee8VunXo41MZIT2vaOIRhH+KR5hdvv/vCRVYauFeY
XHY0R/+x/aFUa3DTi7x2VtlmtLj66xVZmniC1RnO/ELlRXR+rNtE9Yn0U4Bb93Uh
QgqP1aExSBaR0TXTNB2z+vCAdr0W2bxEGY8rXlTkXJOsrdWj1hlfFloxkZhjYZKa
8RBL1MKE2LTMA7zP2vsfNSJ9HnXi591+GXgRvPhG+UPd491TZbZ3Ek7stOlPlwv9
vR890Oh7PMATrBsuBIFywWo0nbgWaWzlfEmVuL2hNrbu4pOCFqw=
=w2nb
-----END PGP SIGNATURE-----
News for package curl
