Accepted curl 7.38.0-4.1tanglu3.1 (source)

Thomas Funk t.funk at web.de
Tue Aug 16 15:03:06 EDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 15 Aug 2016 22:04:19 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source
Version: 7.38.0-4.1tanglu3.1
Distribution: chromodoris-updates
Urgency: high
Maintainer: Tanglu Developers <tanglu-devel-discuss at lists.tanglu.org>
Changed-By: Thomas Funk <t.funk at web.de>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.38.0-4.1tanglu3.1) chromodoris-updates; urgency=high
 .
   * Update package to state of Debian 7.38.0-4+deb8u4 for Tanglu because
     of security issue DSA 3638-1
   * Remaining changes:
     - Fix re-using authenticated connection when unauthenticated
       as per CVE-2015-3143
       http://curl.haxx.se/docs/adv_20150422A.html
     - Fix host name out of boundary memory access as per CVE-2015-3144
       http://curl.haxx.se/docs/adv_20150422D.html
     - Fix cookie parser out of boundary memory access as per CVE-2015-3145
       http://curl.haxx.se/docs/adv_20150422C.html
     - Fix Negotiate not treated as connection-oriented as per CVE-2015-3148
       http://curl.haxx.se/docs/adv_20150422B.html
     - Don't send sensitive HTTP server headers to proxies as per CVE-2015-3153
       http://curl.haxx.se/docs/adv_20150429.html
     - Fix NTLM credentials not-checked for proxy connection re-use
       as per CVE-2016-0755
       http://curl.haxx.se/docs/adv_20160127A.htm
     - Fix TLS session resumption client cert bypass as per CVE-2016-5419
       https://curl.haxx.se/docs/adv_20160803A.html
     - Fix re-using connection with wrong client cert as per CVE-2016-5420
       https://curl.haxx.se/docs/adv_20160803B.html
     - Fix use of connection struct after free as per CVE-2016-5421
       https://curl.haxx.se/docs/adv_20160803C.html
     - Add libcurl3.triggers, libcurl3-nss.triggers and libcurl3-gnutls.triggers
       to prevent lintian error 'package-must-activate-ldconfig-trigger'
Checksums-Sha1:
 1c32d47b5d1bf6329dec348f5831434e2f6211f3 2748 curl_7.38.0-4.1tanglu3.1.dsc
 629eea23e80cf63889b6966883cfb86083e0cbf3 34960 curl_7.38.0-4.1tanglu3.1.debian.tar.xz
Checksums-Sha256:
 f95875f3aee21c0f199ed257a081d891327f74a91efc4a9c84e34b0a0a1ed097 2748 curl_7.38.0-4.1tanglu3.1.dsc
 a8d697ca1180ed5ddbb192c2d5da2cf4273c4471d20f125a2174e558c907530c 34960 curl_7.38.0-4.1tanglu3.1.debian.tar.xz
Files:
 0f6d7a1b948a148ac14653797fe86a25 2748 web optional curl_7.38.0-4.1tanglu3.1.dsc
 ab411d8bc20e1f8b0c8945b392b41f0a 34960 web optional curl_7.38.0-4.1tanglu3.1.debian.tar.xz
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJXs2E9AAoJEBHQSAmiZP36nI8P/3UOrJtsU/73iS94Yp7S8tb0
GZtpVMNC3QQZGgZu0K0vO+m0QH6jHSritftGuiXVVvgpqRo6wBY0mr8Xt9wntill
pP3J/4pDpFM37x5H3deReSc6wgmL9bxqu3NESKLlFIozJ4868eIjzW3RMtiwaZqD
POEOXY8iQR1NkBaEJohOn+OYou0EAtoKG9qwVvSLZE/M/cJs2TjvkILNEqXLNxH8
oCbQfpXwhyS3uoEzFb3yhGOeK/BhN4b6DkqLzprEbQL1jSj6mh7t8XwKEwhCO3aL
g2yAUef/3cRU3qv943WDh7gvgiICnR5P/qxVFTBnQEj9MJICmWsSNkSc7aBdpKu3
UyGBszDxQXxVNu0i4HWaq+r3UAGJnUPn5t/ssBZz2HdHnaWYYxQ2eKSj+qM1NRfu
SLmMcd6ceVSGA04HuLWBrp2kt/5Pi2lq/4YsSQwCS6jJSKEu0BTKXI5DcKyWwKh7
EbENYcN0H02W5OW+kR3OabGOo+CsN0qZlX3ERsa+KIJRFMTlAjBatmcGJSrrFTwo
WI+U9iMXfFOkalqzPGlm7q0VfeIssBkAlkouLZ+guFsf4ymxhPiBVhySafarO2Lm
TeY1vBmXMCXWy8MQC3UH7ot6DNRqNJGJuRU+4QhlCRS5frcq6/KqVPjokAc1WKIq
UYva9Hb2RGPcTGaGPVN1
=yBHW
-----END PGP SIGNATURE-----



More information about the Tanglu-changes mailing list