Accepted curl 7.86.0-3 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted curl 7.86.0-3 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 21 Dec 2022 21:50:30 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: curl_7.86.0-3_source.changes
- Debian-source: curl
- Debian-suite: unstable
- Debian-version: 7.86.0-3
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=X1FAKCjo5kI/SWgYpebrNqDD7qonvHZsbOVq/bhIfDQ=; b=KyTrUZMrjznVTU/7XSw8yuPhcV hHQaFsaEWl88qsZEwdlg62W9Rd+7BHPhrwoCgTb2ZR+gzeFyKFgtossuzpAvSdRvJEW646mOh7Etg hkWpyte8CZPvZ982wQy4pQuGI+FEcT099xGmJfswgk8wl7xQyGdV1DV8VEBnEj31HXgKCeIMH0Kz5 LCAI1XYGx02if9uEDRIjkJrhhlDcLX0GHxD9t/FbGP0zrKfu2Zh+JiRLX1b7b0jnc9WL2hGUMT+iw RbUNynCYxdtACfHpxKuSiB/kp4W2K8YlMTAzlMXvkdmpJJRpXzeWWtiyXfmonVwmTZwZnqUQbaLBo G7tk+DEA==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1p86ys-00CKJq-QT@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 21 Dec 2022 15:55:18 -0500
Source: curl
Architecture: source
Version: 7.86.0-3
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Sergio Durigan Junior <sergiodj@debian.org>
Closes: 1026829 1026830
Changes:
curl (7.86.0-3) unstable; urgency=medium
.
* Fix two HSTS-related CVEs.
- d/p/CVE-2022-43551-another-hsts-bypass-via-idn.patch: use the IDN
decoded name in HSTS checks.
(Closes: #1026829, CVE-2022-43551)
- d/p/CVE-2022-43552-http-proxy-deny-use-after-free.patch: do not free
smb's/telnet's protocol struct in *_done().
(Closes: #1026830, CVE-2022-43552)
Checksums-Sha1:
05f0961a9715c55c229ef61e3987a368f79bae76 2984 curl_7.86.0-3.dsc
1d1606131b7457c50a84f869efd357ada13284ac 41656 curl_7.86.0-3.debian.tar.xz
6bf113b5b0b83aa5da28bcc94285b340dd6a1ce0 12826 curl_7.86.0-3_amd64.buildinfo
Checksums-Sha256:
0d827d32b5a11cfc755fac6df75641ac2a6236ceec4e1ada1086b8505835d58e 2984 curl_7.86.0-3.dsc
466e1fcf4fa5726ef86ee254c8725e11837395ebb9c41ee13fa4cea15b77956f 41656 curl_7.86.0-3.debian.tar.xz
5cd8d28cdd6798ed67caee5c80732cbd5befb84682b0af4817f69bfeffb84873 12826 curl_7.86.0-3_amd64.buildinfo
Files:
1e7d4bd4084636525d7a2b8706b56833 2984 web optional curl_7.86.0-3.dsc
d803d3feaee509f9ad57979488c5ca9a 41656 web optional curl_7.86.0-3.debian.tar.xz
fc56bcf4ae7e335fdf0eccfe562d7dd5 12826 web optional curl_7.86.0-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEI3pUsQKHKL8A7zH00Ot2KGX8XjYFAmOjeioUHHNlcmdpb2Rq
QGRlYmlhbi5vcmcACgkQ0Ot2KGX8XjazcxAAgCSsR7wCWZg+tCx2gzQTMejrlinv
eVxXvVzTAdHvf5YauNL+qYSY5quo3E8yDsYn3mDr5PCE1ge6xDk7idR+ziq/WOQQ
vR1tFsLCNbmB324+UVGe77tAcE4ECSlScVX+P0b9vUFeSRgrexXv5NVGGce9AE+U
Pfdly1yJugLC3bveqy3agMCcOMLKH9UZyErUXHMML/+aESNbFlPkUMPRzk5K9PW0
v2bZRmvlmlX4beAJI9YzY7DNPPPUiDmy5FvvmckfP7tn1yb6yPJ/J+w2N8f97738
4RoeUPVqX1JfC1m1lkwdoYMLM5gd+1PYCIjKbzUlZsnL9B5VXPi+vYcWXzpJNCSn
fiHXAAjMgR6deAi/v88sd8TB1hhrBn4GoEXSilSpInEBhoYFfMUuKCO4Ku4MBljg
wpjBhrdCQ02T7IYU1iBZ8TQu23gb7/aj9r8i722AYBnmNEcYFmytuXAi36z1Cg2y
k8TLG6BLvNE6DXXrg4rnTZTsWWZgWWaIW+UeLmsjYAzWzjPXbZChp7lhZ2u8B4vg
K4UeeduPTs0HB6rXUZD4Et15SFVQrCRHfqJXNey8cyRTHpNnHvGSv63hrBMbAiH0
AuXz5Y4h77aPAKe1cGTNv6PF2k5QuOm7gc3FPNwbJpgF3sO3uE53Arp7qD2o0VWQ
6oWyZqFRBKErPss=
=Bkbs
-----END PGP SIGNATURE-----