Format: 1.8
Date: Wed, 31 Oct 2018 22:42:44 +0000
Source: curl
Binary: curl libcurl4 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc
Architecture: source
Version: 7.62.0-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 908327 911333
Changes:
 curl (7.62.0-1) unstable; urgency=medium
 .
   * New upstream release
     + Fix NTLM password overflow via integer overflow as per CVE-2018-14618
       (Closes: #908327)
       https://curl.haxx.se/docs/CVE-2018-14618.html
     + Fix SASL password overflow via integer overflow as per CVE-2018-16839
       https://curl.haxx.se/docs/CVE-2018-16839.html
     + Fix use-after-free in handle close as per CVE-2018-16840
       https://curl.haxx.se/docs/CVE-2018-16840.html
     + Fix warning message out-of-buffer read as per CVE-2018-16842
       https://curl.haxx.se/docs/CVE-2018-16842.html
     + Fix broken terminal output (closes: #911333)
   * Refresh patches
   * Add 12_fix-runtests-curl.patch to fix running curl in tests