Back to curl PTS page

Accepted curl 7.38.0-4+deb8u15 (source amd64 all) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 25 May 2019 22:09:04 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source amd64 all
Version: 7.38.0-4+deb8u15
Distribution: jessie-security
Urgency: high
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.38.0-4+deb8u15) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-5436:
     libcurl contains a heap buffer overflow in the function
     tftp_receive_packet() that receives data from a TFTP server. It calls
     recvfrom() with the default size for the buffer rather than with the size
     that was used to allocate it. Thus, the content that might overwrite the
     heap memory is entirely controlled by the server.
Checksums-Sha1:
 db8d41e1c1ba4f0325464d128a7b7fac6a397860 2824 curl_7.38.0-4+deb8u15.dsc
 1c213d8e66ee781576ee3f34a59232dfde58a202 57928 curl_7.38.0-4+deb8u15.debian.tar.xz
 edd64e4e3bac004d730735bbac2852348868f0aa 204486 curl_7.38.0-4+deb8u15_amd64.deb
 f10a56278c78ccee2a7a9fe898dab6b818dfa706 259276 libcurl3_7.38.0-4+deb8u15_amd64.deb
 08c185ca3029ecb53e25ebcdfed212b491efc7e9 250976 libcurl3-gnutls_7.38.0-4+deb8u15_amd64.deb
 e913d37ca2a60d3eef20aa7069e804e19a7f6af0 260946 libcurl3-nss_7.38.0-4+deb8u15_amd64.deb
 5c40236a0f43e47542a9370ffe93b30f7e510469 322288 libcurl4-openssl-dev_7.38.0-4+deb8u15_amd64.deb
 37d11df5efeff2ce5ff961668aac71fcdb6de011 314478 libcurl4-gnutls-dev_7.38.0-4+deb8u15_amd64.deb
 beac399d44d663a6ec4be324980e4ea20eb34e71 324964 libcurl4-nss-dev_7.38.0-4+deb8u15_amd64.deb
 572bb153f414436d7ab1b9d183a80b120660950e 2603448 libcurl3-dbg_7.38.0-4+deb8u15_amd64.deb
 856e27a33789aa7adef54e29be6063c1cf467c54 1068144 libcurl4-doc_7.38.0-4+deb8u15_all.deb
Checksums-Sha256:
 974ceb515fefc87cb735252d84a406c0b330721ee1f895d935c69828cd1c958f 2824 curl_7.38.0-4+deb8u15.dsc
 8fa2d674b499046c23d418c8d0c8e5531f5943a626cedd663c446270399bb8fe 57928 curl_7.38.0-4+deb8u15.debian.tar.xz
 0cc00e8cd657455b520f1aea15b303c5c0079be70e9531cf37510fce55eea3ce 204486 curl_7.38.0-4+deb8u15_amd64.deb
 64b4b14119affe54a938153d0f00591fc48128d2846b725ced5dc9ac6ea1f844 259276 libcurl3_7.38.0-4+deb8u15_amd64.deb
 0a81be423ed91d3ad54fa99c581c07a78140965e546e267e112df56f15cb30fe 250976 libcurl3-gnutls_7.38.0-4+deb8u15_amd64.deb
 869537d50aa88ae7f87a171672f9ee82f515b00fb669ca70229557db0c384823 260946 libcurl3-nss_7.38.0-4+deb8u15_amd64.deb
 33f6abcbdd5e3c581cf1620d23def6fa38c3f7b58f7556dbf2bf5001f4b2d83e 322288 libcurl4-openssl-dev_7.38.0-4+deb8u15_amd64.deb
 1b93dcdb54363d965891550cc2f9ea438aff7732802d2ed3fbc1741b8d4adae4 314478 libcurl4-gnutls-dev_7.38.0-4+deb8u15_amd64.deb
 b5a23733df9d26bdc8b5792bd2182a675602c8c3213cc1b886b480ce84c120a4 324964 libcurl4-nss-dev_7.38.0-4+deb8u15_amd64.deb
 17fbe30034f17a3fe95f1f2cdf7e743b7d3e3989ec4467144f457b4aa2e02150 2603448 libcurl3-dbg_7.38.0-4+deb8u15_amd64.deb
 1d41baa036f9422c9303fb22fa59d521ecfaa3e97dca2fd82b1ae504bd8a0f52 1068144 libcurl4-doc_7.38.0-4+deb8u15_all.deb
Files:
 1f172d81b3be00392f302259b1c1d968 2824 web optional curl_7.38.0-4+deb8u15.dsc
 5a704a8fef53258163bb583deddd5a9f 57928 web optional curl_7.38.0-4+deb8u15.debian.tar.xz
 2abf2f880e4d316cfb1014f99f02b020 204486 web optional curl_7.38.0-4+deb8u15_amd64.deb
 62fad725496f4aa307fee0dcfaaf6d94 259276 libs optional libcurl3_7.38.0-4+deb8u15_amd64.deb
 e92a793bc5b1c5c39b4bd769f090d769 250976 libs optional libcurl3-gnutls_7.38.0-4+deb8u15_amd64.deb
 399f156f01964147efae0afa808f160c 260946 libs optional libcurl3-nss_7.38.0-4+deb8u15_amd64.deb
 52bf6859d68835fea5e40bd4d4d35e12 322288 libdevel optional libcurl4-openssl-dev_7.38.0-4+deb8u15_amd64.deb
 4e3fde41d644cfce797ae6ecf7ac00bb 314478 libdevel optional libcurl4-gnutls-dev_7.38.0-4+deb8u15_amd64.deb
 ff1099568cc76d3586fcc678f7b6ec39 324964 libdevel optional libcurl4-nss-dev_7.38.0-4+deb8u15_amd64.deb
 6c82c09deff33f469b20131ce8d63191 2603448 debug extra libcurl3-dbg_7.38.0-4+deb8u15_amd64.deb
 57511016510a988992fceb4a8a1be490 1068144 doc optional libcurl4-doc_7.38.0-4+deb8u15_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlzps/BfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkfE0P/jS7KdoonoDAa1X45HNYldxIZEnk3F3QTz5b
HixceVph6i/lMf80FkRjzN4bZQSFRbn6tZSyVxeJb7ddYWBAMaJRFVOl+Athb4+s
2AT6K2tT4fEz5noEReK09SM3goDKFFHJjwMvVwRdi/bUVr35NBO33oHwxHUFDVWk
9fZKPCfdeWORBeX0cSmLxmWlw1tyjnOH5w0zUwVJgs6Yk1ZViH5dXxhwg8qyGSYv
Zp58KxFSCf4cB3q0eMKM/3101aQ9hp+ToogtKwyV6EjqUAfEbJnv0GFF5RUavcrE
8m1R87eLqo1S4svt3MAD70UCOuV8UQhBK8g+8Ie8qosn3EZo1tTMJhZTWRmRllPZ
V9TBSEISVIdNRpRm6olSWxCzF2tWSBmz1f2f5GpecAdjmJy4W/Drr6jMZ0uBWO4K
zObOGTp9fBXNILbdTLXj8izz9SPqAiVlr14zGI5kFPDIvt8jEpKyqmLvf2N5qIXC
eJRyrvhVCoHbRe+KXbLUn3Vn0/QdO96uQ3wzRBqtAzfDUjDqaU2v0J9jLHQ03sNc
lRR6cMiD6wCT2W+rSu2FzrP6xzdgyALVUROSAICvrwzFL5oZUWt91p5zBqJ/qS46
cUbSC4D4CbxTBJKAMqEPz7nNGuuI035jliV++Byf+hYOjLtP6iE/JUBEhrCeHvSu
7uFHiec3
=k5+h
-----END PGP SIGNATURE-----