Accepted curl 7.60.0-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 18 May 2018 20:21:17 +0100
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc
Architecture: source
Version: 7.60.0-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description:
curl - command line tool for transferring data with URL syntax
libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl4-doc - documentation for libcurl
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 891997 893546 898856
Changes:
curl (7.60.0-1) unstable; urgency=medium
.
* New upstream release (Closes: #891997, #893546, #898856)
+ Fix use of IPv6 literals with NO_PROXY
+ Fix NIL byte out of bounds write due to FTP path trickery
as per CVE-2018-1000120
https://curl.haxx.se/docs/adv_2018-9cd6.html
+ Fix LDAP NULL pointer dereference as per CVE-2018-1000121
https://curl.haxx.se/docs/adv_2018-97a2.html
+ Fix RTSP RTP buffer over-read as per CVE-2018-1000122
https://curl.haxx.se/docs/adv_2018-b047.html
+ Fix heap buffer overflow when closing down an FTP connection
with very long server command replies as per CVE-2018-1000300
https://curl.haxx.se/docs/adv_2018-82c2.html
+ Fix heap buffer over-read when parsing bad RTSP headers
as per CVE-2018-1000301
https://curl.haxx.se/docs/adv_2018-b138.html
* Refresh patches
* Bump Standards-Version to 4.1.4 (no changes needed)
Checksums-Sha1:
17ea89ff570f6466eaab758c5571e9537e3edea2 2678 curl_7.60.0-1.dsc
31c68f25832ee3af7480a48d1d5dffbe6771df17 3949173 curl_7.60.0.orig.tar.gz
3bd916f98238507af55094a476f94d5f683ab1f5 28044 curl_7.60.0-1.debian.tar.xz
d7baa16151de879cb30d649457d02eca0becb5b6 11037 curl_7.60.0-1_amd64.buildinfo
Checksums-Sha256:
bc0ff8df97daaef91be8492f006705620edb8129a91cf96bd52b321edccbe4be 2678 curl_7.60.0-1.dsc
e9c37986337743f37fd14fe8737f246e97aec94b39d1b71e8a5973f72a9fc4f5 3949173 curl_7.60.0.orig.tar.gz
9df332182666f04e07a676059942c6c4f7c786be84d938bcaf13bdb4e03c9c15 28044 curl_7.60.0-1.debian.tar.xz
f598785e350d65c5632040cf60711194f099e7cf0ecc11238f398ae14beefa54 11037 curl_7.60.0-1_amd64.buildinfo
Files:
c96352a68653156f136dea88a708710f 2678 web optional curl_7.60.0-1.dsc
48eb126345d3b0f0a71a486b7f5d0307 3949173 web optional curl_7.60.0.orig.tar.gz
337a49ee94c699e5d1778bd00e234d70 28044 web optional curl_7.60.0-1.debian.tar.xz
7bb524e3fc07fab2a8101e7798b96480 11037 web optional curl_7.60.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlr/KKYACgkQbwzL4CFi
Ryjl3Q//SkK5BErM205mP6pjsacLr1BUooqlNuS7il8blqpSztuxD7em1MkpWRhR
cC7kBVbFtaP8QJq9nK0UOHUdA5ctsQRw+X1m1v3RAYLWn+1BKtyiWUJFAl09ZSyd
c4PYpeZ5CVKEvzY3RjJyb67UR0zONpiZYfG9HPWIsPQzavPJz5kOjj6SdtpnrLGN
L8jp0exUwjmWg/JUaWKBbsa1ATM+nS7uW+sv4PewWNPniNuGQObNHGSeRvPvj/TW
UkZ4hZPDDjxztZJRO9XjMfHAq6hldb6tuckzWCEORC9+X17El1ezS0FEL71IkNmU
sddH5mj9WVxqV3VGMcW85A66SssJDWDaSCiK0CmDBsxH2T40MuoSiu9aIWHkTsNd
mM441gQ6vLVr7sOIcuUFqZPxYEsIM7PTiskk6xvqYPSVU0kP5aTPOwLf4Ktc46Dp
96/ZyRvv6tY1MV7nqm2cYx6+2pYrwjVyoWb0swCZ5weEthsOL1DM9mpQT2Sr95Ql
zxIKNZ7D5LPQE5s85lXuufTjlUxXnb3wIiQqNeSouqQQ33y/Vlp3/Fv+HJOj/lf7
T1riF9JAqd2BVWQs7uSaQv4fNArJ95oUDAZy54NFkRBiMRgh3raJw78noJctcK18
VH5xVzf9UepsEIS0C313u+fie0bFr02n6jz9tpVM+U61mCUrlv0=
=Ts3m
-----END PGP SIGNATURE-----