
Accepted curl 7.52.1-5+deb9u13 (source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 17 Dec 2020 14:12:07 -0500
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source
Version: 7.52.1-5+deb9u13
Distribution: stretch-security
Urgency: high
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Roberto C. Sánchez <roberto@debian.org>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 977161 977162 977163
Changes:
 curl (7.52.1-5+deb9u13) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2020-8284
     malicious server can use the FTP PASV response to trick curl into
     connecting back to a given IP address and port, and this way potentially
     make curl extract information about services that are otherwise private and
     not disclosed, for example doing port scanning and service banner
     extractions (Closes: #977163)
   * CVE-2020-8285
     curl is vulnerable to uncontrolled recursion due to a stack overflow issue
     in FTP wildcard match parsing (Closes: #977162)
   * CVE-2020-8286
     curl is vulnerable to an improper check for certificate revocation due to
     insufficient verification of the OCSP response (Closes: #977161)
Checksums-Sha1:
 ee6ecb3332355434e969e2e51ba22a2a512ec7ea 2797 curl_7.52.1-5+deb9u13.dsc
 e10855b3941a2acf7c35eed8fd2584a0ff6b458b 48744 curl_7.52.1-5+deb9u13.debian.tar.xz
 81c5252ee34d823d0dca062c8705ae4bffc95330 11276 curl_7.52.1-5+deb9u13_amd64.buildinfo
Checksums-Sha256:
 394b35eceaaf3c3545b3fcc673ef43c4d81f0f26f27392333e7c593e63c2d24e 2797 curl_7.52.1-5+deb9u13.dsc
 685ebde74e62c02bb6c0c55b0430be76ee85fe038f468b47330c23c18f74647f 48744 curl_7.52.1-5+deb9u13.debian.tar.xz
 8847473ae5741e3a1399355a938c16b4760b978bd45d4090072cbf90e22be160 11276 curl_7.52.1-5+deb9u13_amd64.buildinfo
Files:
 f722928468c7ba8986962e26a657fff3 2797 web optional curl_7.52.1-5+deb9u13.dsc
 4ca6e2ed5820446869e9d54297fdd31e 48744 web optional curl_7.52.1-5+deb9u13.debian.tar.xz
 63ab0be5d30f172a1cb1edc63214c186 11276 web optional curl_7.52.1-5+deb9u13_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----