Format: 1.8
Date: Sun, 28 Jan 2024 21:15:21 +0000
Source: curl
Architecture: source
Version: 7.64.0-4+deb10u9
Distribution: buster-security
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 curl (7.64.0-4+deb10u9) buster-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2023-27534: A path traversal vulnerability existed.
     SFTP implementation causes the tilde (~) character to be
     wrongly replaced when used as a prefix in the first path
     element, in addition to its intended use as the first element
     to indicate a path relative to the user's home directory.
     Attackers can exploit this flaw to bypass filtering or
     execute arbitrary code by crafting a path like /~2/foo
     while accessing a server with a specific user.