-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 02 Apr 2024 20:02:10 -0300 Source: curl Architecture: source Version: 7.88.1-10+deb12u6 Distribution: bookworm Urgency: medium Maintainer: Alessandro Ghedini <ghedo@debian.org> Changed-By: Guilherme Puida Moreira <guilherme@puida.xyz> Closes: 1053643 Changes: curl (7.88.1-10+deb12u6) bookworm; urgency=medium . * Team upload. . [ Sergio Durigan Junior ] * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch: (Closes: #1053643) . [ Guilherme Puida Moreira ] * Add patches to fix CVE-2024-2004 and CVE-2024-2398. - CVE-2024-2004: When a protocol selection parameter disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. - CVE-2024-2398: When an application tells libcurl it wants to allow HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push and leaks the memory allocated for the previously allocated headers. * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch: Refresh patch. Checksums-Sha1: 52c890495756d34fb4b89e25bc2f16116694ba0d 3252 curl_7.88.1-10+deb12u6.dsc 6ae5229c36badb822641bb14958e7d227c57611d 4343562 curl_7.88.1.orig.tar.gz 9222035242431a3ef31d33a2ca3d881bcf4572fe 488 curl_7.88.1.orig.tar.gz.asc b8b226f2311631ed777c95fdd2a07e303709ca11 68308 curl_7.88.1-10+deb12u6.debian.tar.xz 9f8f3a0e6768af8858598bd754ae0fe147f6f445 13506 curl_7.88.1-10+deb12u6_amd64.buildinfo Checksums-Sha256: b99fda7743560442cd5cacc493f286b83dc8369b7b87691cae7927e90196cdc3 3252 curl_7.88.1-10+deb12u6.dsc cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7 4343562 curl_7.88.1.orig.tar.gz 7a5a55d7123149a1b357f298cf895bd0a601e3a2807005ef6c95f3752803485f 488 curl_7.88.1.orig.tar.gz.asc 8ab5134089702e4cebc5a3c93485ba9ed5d540146c69aadd025ccec7b0bd8718 68308 curl_7.88.1-10+deb12u6.debian.tar.xz 80e1ec7633a980840b00c46a01c7b4dcdc170e34570c6151a7b1764e7bb67213 13506 curl_7.88.1-10+deb12u6_amd64.buildinfo Files: 2eccd80c7c4261fdb267ac492917ae94 3252 web optional curl_7.88.1-10+deb12u6.dsc 1211d641ae670cebce361ab6a7c6acff 4343562 web optional curl_7.88.1.orig.tar.gz 08b846caa2ce56ccb4b4caa268b30dc2 488 web optional curl_7.88.1.orig.tar.gz.asc e4388f077b3f06643b3dde1c7f6db79f 68308 web optional curl_7.88.1-10+deb12u6.debian.tar.xz fb9fed9f2a88ef4bec50a790ce45f537 13506 web optional curl_7.88.1-10+deb12u6_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEv66eMxqGenyA2Ot49OSs27jQi+AFAmYS29UACgkQ9OSs27jQ i+AJEg//V7rWo/OOPq6UpPvpoqjV9rHHiJbrNs7saH0ELz05n1uhe/zNsC9jWvAg yPWMhvP35MvRKJ3gxuBmKo9z0513qJA7PXZ8ogV3G8qx3VRWAcHzTXbXgFA7qAM+ EVE9pY31BpjwarXMIXMFOg0ync8fPQK4nzjRf25A8aHMowmKfYIndhHKTGfL2q4P DhJdgi0KQdPNh/fzy6EngDC/R1pwDcI6W4hSA24CmuD8dWntTGnM/nfrHD3Cgbrl 5R5vz2UsAUqr3kHpaYB6nyWirCka/08LHuRAk1o4oaDTYvnZUSvk6n6ezLx/+BLs I32FZ1CqRuNmfl9tjDwCS8IweyD563oIX7lqFhu14c4pUGlerSuPotQHhDIns9JC MLyjAvm5CzQnCwnO5hbF8NpTuIs3t7nOAcYLEX3TJ6JWaXnCqbqbr3sgY0sCw/Lw 23Mkgw1+d+fKTI5OhaV8ZmfTnQq0iXSknYuBJ8MzELTTiPSFiCzx505fWFha1FLT VE/LHZAOHOPpJlWZU1iOyzlTPxdX7CfB70L8+9xAsexixW1FGDHqT0VxN6XyBJBQ 4SmIprWZ4zG1eKblCXbnCswg/RkEDm+D41epW4JxfB9cix4JQxOne6ctycSRJgUX IE3UY9BB/kU614pewuDxn/PLExD0rZs4xl/Rd3vwRma7QAdh3mQ= =PsLK -----END PGP SIGNATURE-----
Attachment:
pgpn1zJo0sL1h.pgp
Description: PGP signature