curl - Debian Package Tracker

general

source: curl (main)
version: 7.74.0-1.2
maintainer: Alessandro Ghedini (DMD)
arch: all any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 7.52.1-5+deb9u10
old-sec: 7.52.1-5+deb9u14
stable: 7.64.0-4+deb10u1
stable-sec: 7.64.0-4+deb10u2
stable-bpo: 7.74.0-1.2~bpo10+1
stable-p-u: 7.64.0-4+deb10u2
testing: 7.74.0-1.2
unstable: 7.74.0-1.2

versioned links

7.52.1-5+deb9u10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.52.1-5+deb9u14: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.64.0-4+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.64.0-4+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.74.0-1.2~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.74.0-1.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

curl (36 bugs: 1, 25, 10, 0)
libcurl3-gnutls (10 bugs: 0, 10, 0, 0)
libcurl3-nss (1 bugs: 0, 1, 0, 0)
libcurl4 (2 bugs: 1, 1, 0, 0)
libcurl4-doc
libcurl4-gnutls-dev
libcurl4-nss-dev
libcurl4-openssl-dev (3 bugs: 0, 3, 0, 0)

action needed

Multiarch hinter reports 4 issue(s) high

There are issues with the multiarch metadata for this package.

libcurl4-gnutls-dev conflicts on /usr/bin/curl-config on any two of amd64, arm64, armel, armhf, and 5 more
libcurl4-nss-dev conflicts on /usr/bin/curl-config on any two of amd64, arm64, armel, armhf, and 5 more
libcurl4-openssl-dev conflicts on /usr/bin/curl-config on any two of amd64, arm64, armel, armhf, and 5 more
libcurl4-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2021-06-18 18:34

A new upstream version is available: 7.77.0 high

A new upstream version 7.77.0 is available, you should consider packaging it.

Created: 2021-02-05 Last update: 2021-06-18 16:31

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2021-22898: curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Created: 2021-05-26 Last update: 2021-06-13 05:30

Depends on packages which need a new maintainer normal

The packages that curl depends on which need a new maintainer are:

dh-exec (#851746)
- Build-Depends: dh-exec

Created: 2019-11-22 Last update: 2021-06-18 19:03

7 bugs tagged patch in the BTS normal

The BTS contains patches fixing 7 bugs (8 if counting merged bugs), consider including or untagging them.

Created: 2020-10-19 Last update: 2021-06-18 18:30

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2021-04-23 Last update: 2021-04-23 01:04

1 low-priority security issue in buster low

There is 1 open security issue in buster.

1 issue left for the package maintainer to handle:

CVE-2021-22898: (needs triaging) curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-05-26 Last update: 2021-06-13 05:30

testing migrations

This package will soon be part of the auto-openldap transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2021-05-17] Accepted curl 7.52.1-5+deb9u14 (source) into oldstable (Sylvain Beucler)
[2021-04-16] Accepted curl 7.74.0-1.2~bpo10+1 (source amd64 all) into buster-backports->backports-policy, buster-backports (Debian FTP Masters) (signed by: W. Martin Borgert)
[2021-04-13] curl 7.74.0-1.2 MIGRATED to testing (Debian testing watch)
[2021-04-08] Accepted curl 7.74.0-1.2 (source) into unstable (Salvatore Bonaccorso)
[2021-04-05] Accepted curl 7.64.0-4+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Alessandro Ghedini)
[2021-03-31] Accepted curl 7.64.0-4+deb10u2 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Alessandro Ghedini)
[2021-02-23] curl 7.74.0-1.1 MIGRATED to testing (Debian testing watch)
[2021-02-13] Accepted curl 7.74.0-1.1 (source) into unstable (Samuel Henrique)
[2021-01-07] curl 7.74.0-1 MIGRATED to testing (Debian testing watch)
[2020-12-31] Accepted curl 7.74.0-1 (source) into unstable (Alessandro Ghedini)
[2020-12-18] Accepted curl 7.52.1-5+deb9u13 (source) into oldstable (Roberto C. Sánchez) (signed by: Roberto C. Sanchez)
[2020-09-26] Accepted curl 7.52.1-5+deb9u12 (source amd64 all) into oldstable (Thorsten Alteholz)
[2020-08-29] curl 7.72.0-1 MIGRATED to testing (Debian testing watch)
[2020-08-29] curl 7.72.0-1 MIGRATED to testing (Debian testing watch)
[2020-08-24] Accepted curl 7.72.0-1 (source) into unstable (Alessandro Ghedini)
[2020-07-28] Accepted curl 7.52.1-5+deb9u11 (source amd64 all) into oldstable (Thorsten Alteholz)
[2020-02-29] curl 7.68.0-1 MIGRATED to testing (Debian testing watch)
[2020-02-25] Accepted curl 7.52.1-5+deb9u10 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Alessandro Ghedini)
[2020-02-25] Accepted curl 7.64.0-4+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Alessandro Ghedini)
[2020-02-24] Accepted curl 7.52.1-5+deb9u10 (source) into oldstable->embargoed, oldstable (Alessandro Ghedini)
[2020-02-24] Accepted curl 7.64.0-4+deb10u1 (source) into stable->embargoed, stable (Alessandro Ghedini)
[2020-02-22] Accepted curl 7.68.0-1 (source) into unstable (Alessandro Ghedini)
[2019-12-07] curl 7.67.0-2 MIGRATED to testing (Debian testing watch)
[2019-12-01] Accepted curl 7.67.0-2 (source) into unstable (Alessandro Ghedini)
[2019-11-30] Accepted curl 7.67.0-1 (source) into unstable (Alessandro Ghedini)
[2019-09-21] curl 7.66.0-1 MIGRATED to testing (Debian testing watch)
[2019-09-15] Accepted curl 7.66.0-1 (source) into unstable (Alessandro Ghedini)
[2019-09-13] Accepted curl 7.38.0-4+deb8u16 (source amd64 all) into oldoldstable (Chris Lamb)
[2019-08-15] curl 7.65.3-1 MIGRATED to testing (Debian testing watch)
[2019-08-09] Accepted curl 7.65.3-1 (source) into unstable (Alessandro Ghedini)

bugs [bug history graph]

all: 54 59
RC: 2
I&N: 42 45
M&W: 10 12
F&P: 0
patch: 7 8

links

homepage
lintian (0, 1)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7.74.0-1.2ubuntu2
61 bugs (3 patches)
patches for 7.74.0-1.2ubuntu2