Format: 1.8
Date: Fri, 18 May 2018 20:21:17 +0100
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc
Architecture: source
Version: 7.60.0-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description:
 curl - command line tool for transferring data with URL syntax
 libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 891997 893546 898856
Changes:
 curl (7.60.0-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #891997, #893546, #898856)
     + Fix use of IPv6 literals with NO_PROXY
     + Fix NIL byte out of bounds write due to FTP path trickery as per
       CVE-2018-1000120
       https://curl.haxx.se/docs/adv_2018-9cd6.html
     + Fix LDAP NULL pointer dereference as per CVE-2018-1000121
       https://curl.haxx.se/docs/adv_2018-97a2.html
     + Fix RTSP RTP buffer over-read as per CVE-2018-1000122
       https://curl.haxx.se/docs/adv_2018-b047.html
     + Fix heap buffer overflow when closing down an FTP connection with very
       long server command replies as per CVE-2018-1000300
       https://curl.haxx.se/docs/adv_2018-82c2.html
     + Fix heap buffer over-read when parsing bad RTSP headers as per
       CVE-2018-1000301
       https://curl.haxx.se/docs/adv_2018-b138.html
   * Refresh patches
   * Bump Standards-Version to 4.1.4 (no changes needed)