Debian Package Tracker
Register | Log in
Subscribe

curl

command line tool for transferring data with URL syntax

Choose email to subscribe with

general
  • source: curl (main)
  • version: 7.87.0-2
  • maintainer: Alessandro Ghedini (DMD)
  • uploaders: Sergio Durigan Junior [DMD] – Samuel Henrique [DMD]
  • arch: all any
  • std-ver: 4.6.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 7.52.1-5+deb9u10
  • o-o-sec: 7.52.1-5+deb9u16
  • oldstable: 7.64.0-4+deb10u2
  • old-sec: 7.64.0-4+deb10u4
  • old-bpo: 7.74.0-1.2~bpo10+1
  • stable: 7.74.0-1.3+deb11u3
  • stable-sec: 7.74.0-1.3+deb11u5
  • stable-bpo: 7.87.0-2~bpo11+1
  • stable-p-u: 7.74.0-1.3+deb11u5
  • testing: 7.87.0-2
  • unstable: 7.87.0-2
versioned links
  • 7.52.1-5+deb9u10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 7.52.1-5+deb9u16: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 7.64.0-4+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 7.64.0-4+deb10u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 7.74.0-1.2~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 7.74.0-1.3+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 7.74.0-1.3+deb11u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 7.87.0-2~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 7.87.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • curl (35 bugs: 0, 26, 9, 0)
  • libcurl3-gnutls (10 bugs: 0, 10, 0, 0)
  • libcurl3-nss (1 bugs: 0, 1, 0, 0)
  • libcurl4 (2 bugs: 0, 2, 0, 0)
  • libcurl4-doc
  • libcurl4-gnutls-dev
  • libcurl4-nss-dev
  • libcurl4-openssl-dev (4 bugs: 0, 4, 0, 0)
action needed
lintian reports 1 error and 6 warnings high
Lintian reports 1 error and 6 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2023-01-16 Last update: 2023-01-17 00:36
8 bugs tagged patch in the BTS normal
The BTS contains patches fixing 8 bugs (9 if counting merged bugs), consider including or untagging them.
Created: 2022-07-27 Last update: 2023-02-06 22:30
No known security issue in bullseye wishlist

There are 2 open security issues in bullseye.

2 ignored issues:
  • CVE-2022-42916: In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
  • CVE-2022-43551: A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.
Created: 2022-10-26 Last update: 2023-02-04 03:30
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.6.1).
Created: 2022-12-17 Last update: 2023-01-16 05:25
testing migrations
  • This package will soon be part of the auto-openldap transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
news
[rss feed]
  • [2023-01-31] Accepted curl 7.74.0-1.3+deb11u5 (source) into proposed-updates (Debian FTP Masters) (signed by: Samuel Henrique)
  • [2023-01-31] Accepted curl 7.74.0-1.3+deb11u4 (source) into proposed-updates (Debian FTP Masters) (signed by: Samuel Henrique)
  • [2023-01-28] Accepted curl 7.64.0-4+deb10u4 (source) into oldstable (Roberto C. Sánchez) (signed by: Roberto C. Sanchez)
  • [2023-01-27] Accepted curl 7.74.0-1.3+deb11u5 (source) into stable-security (Debian FTP Masters) (signed by: Samuel Henrique)
  • [2023-01-27] Accepted curl 7.74.0-1.3+deb11u4 (source) into stable-security (Debian FTP Masters) (signed by: Samuel Henrique)
  • [2023-01-21] Accepted curl 7.87.0-2~bpo11+1 (source) into bullseye-backports (Samuel Henrique)
  • [2023-01-21] curl 7.87.0-2 MIGRATED to testing (Debian testing watch)
  • [2023-01-15] Accepted curl 7.87.0-2 (source) into unstable (Samuel Henrique)
  • [2022-12-29] Accepted curl 7.87.0-1~bpo11+1 (source) into bullseye-backports (Samuel Henrique)
  • [2022-12-29] curl 7.87.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-12-23] Accepted curl 7.87.0-1 (source) into unstable (Samuel Henrique)
  • [2022-12-21] Accepted curl 7.86.0-3 (source) into unstable (Sergio Durigan Junior)
  • [2022-11-22] curl 7.86.0-2 MIGRATED to testing (Debian testing watch)
  • [2022-11-22] curl 7.86.0-2 MIGRATED to testing (Debian testing watch)
  • [2022-11-15] Accepted curl 7.86.0-2 (source) into unstable (Samuel Henrique)
  • [2022-11-09] curl 7.86.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-10-27] Accepted curl 7.86.0-1 (source) into unstable (Samuel Henrique)
  • [2022-09-10] Accepted curl 7.85.0-1~bpo11+1 (source) into bullseye-backports (Samuel Henrique)
  • [2022-09-07] curl 7.85.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-09-04] Accepted curl 7.64.0-4+deb10u3 (source) into oldstable (Markus Koschany)
  • [2022-09-04] Accepted curl 7.74.0-1.3+deb11u3 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
  • [2022-09-04] Accepted curl 7.85.0-1 (source) into unstable (Samuel Henrique)
  • [2022-08-13] Accepted curl 7.74.0-1.3+deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
  • [2022-08-01] Accepted curl 7.74.0-1.3+deb11u2 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Markus Koschany)
  • [2022-07-17] Accepted curl 7.84.0-2~bpo11+1 (source) into bullseye-backports (Samuel Henrique)
  • [2022-07-17] curl 7.84.0-2 MIGRATED to testing (Debian testing watch)
  • [2022-07-17] curl 7.84.0-2 MIGRATED to testing (Debian testing watch)
  • [2022-07-11] Accepted curl 7.84.0-2 (source) into unstable (Samuel Henrique)
  • [2022-06-27] Accepted curl 7.84.0-1 (source) into unstable (Samuel Henrique)
  • [2022-06-20] curl 7.83.1-2 MIGRATED to testing (Debian testing watch)
  • 1
  • 2
bugs [bug history graph]
  • all: 52 57
  • RC: 0
  • I&N: 43 46
  • M&W: 9 11
  • F&P: 0
  • patch: 8 9
links
  • homepage
  • lintian (1, 6)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 7.87.0-1ubuntu1
  • 64 bugs (3 patches)
  • patches for 7.87.0-1ubuntu1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing