-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 23 Jan 2018 21:56:56 +0000 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: source Version: 7.52.1-5+deb9u4 Distribution: stretch-security Urgency: high Maintainer: Alessandro Ghedini <ghedo@debian.org> Changed-By: Alessandro Ghedini <ghedo@debian.org> Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.52.1-5+deb9u4) stretch-security; urgency=high . * Fix HTTP/2 trailer out-of-bounds read as per CVE-2018-1000005 https://curl.haxx.se/docs/adv_2018-824a.html * Fix HTTP authentication leak in redirects as per CVE-2018-1000007 https://curl.haxx.se/docs/adv_2018-b3bf.html Checksums-Sha1: 698468afdb2d64f0bfcd7b3af2a5fc8cb0376bbd 2793 curl_7.52.1-5+deb9u4.dsc cbeeabbc2bd643494ce1dae777a828681f43ca9f 38628 curl_7.52.1-5+deb9u4.debian.tar.xz ac983798b295eb76967006ea3e21e5c20c66f3fb 10867 curl_7.52.1-5+deb9u4_amd64.buildinfo Checksums-Sha256: 45d618d610b7c80aca3c86d72f68cfe142b77ce260a1b38c8a1a11ceefe8ce9c 2793 curl_7.52.1-5+deb9u4.dsc 50bbcad2b04c6d45a97b85fc78822ad8cf8e3cc0c7d470fa92080e00b59791e1 38628 curl_7.52.1-5+deb9u4.debian.tar.xz d3a4118be8e741fbcb2286ef09a9e2153435f8eeeed93df0eba00cfa2397984b 10867 curl_7.52.1-5+deb9u4_amd64.buildinfo Files: 1df935bed5a588428bea958b70e55e77 2793 web optional curl_7.52.1-5+deb9u4.dsc 0d16f5660803dcf4b394c123816e7b29 38628 web optional curl_7.52.1-5+deb9u4.debian.tar.xz ccd95d1abd13dec057e7e8316eed4cec 10867 web optional curl_7.52.1-5+deb9u4_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlpob30ACgkQbwzL4CFi RyiCQA//SK4JiKHed54QnjKQESxQlxAvS5kXC7Pg+4kfK1hH5Fop4HFWfoCFnNY8 drOSapvE5aRaNYeNM64mbiXCgH0pRjsF7U68rKbxSao3oINK4i21N/O3VG2J6nBQ kS9dzyA0afSod2/iURFC3i5x921qv6GdLY+t0PQoeGvQfchyrKyRy5VmIyfsIJ29 mAbsPXiDJylikLC6sVj6V6vWc57ssRK5R/heXMZZXdjbHd4IfxZ5lkWPgiK9jTSy DlAJeBrnoAlAkmUofDrjmiIUAinLe90bvBrCEWHXOlX76NP9gcsCPwuLVh0ln6NU q7qr1eM+C8LzuWbqAR/Qz1NXoMsW52VOvBL6SCrELg0ll+cyGPLtQB5fsUi8mULV LNEqMdSiqKAMgHy6xZyLvyzDM3Nm7KSdW4anTFM6eKoR8+W+MSkgZuvahesn4B+1 pV/i6xEJe9euholBCs2+zFUfLxmLZ4vVtULWfktnVBxGKsyVjpT7i75Ym5jancGM tV6f7A9mbuDK8cCYpQ9SG6r0kxfS+2lBkVdObLZCm6xRPmlno0BmyNEKNQZ5vsV+ UutXBdvbHafGm4ZBGg2VfsIxTw00DxyKX+tNiV5Wu7kanq8UqvBzoRUPzaK+tomU R2m3lhHOWGPvFteIi2yN7DdeoWPHb/HTjbw0igY6jScCYdVuc2A= =aYsF -----END PGP SIGNATURE-----