Accepted curl 7.38.0-4.1tanglu3.2 (source)

Thomas Funk t.funk at web.de
Fri Jan 6 15:48:06 EST 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 06 Jan 2017 18:55:18 +0100
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source
Version: 7.38.0-4.1tanglu3.2
Distribution: chromodoris-updates
Urgency: high
Maintainer: Tanglu Developers <tanglu-devel-discuss at lists.tanglu.org>
Changed-By: Thomas Funk <t.funk at web.de>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.38.0-4.1tanglu3.2) chromodoris-updates; urgency=high
 .
   * Update package to state of Debian 7.38.0-4+deb8u5 for Tanglu because
     of security issue DSA 3705-1
   * Remaining changes:
     - Fix cookie injection for other servers as per CVE-2016-8615
       https://curl.haxx.se/docs/adv_20161102A.html
     - Fix case insensitive password comparison as per CVE-2016-8616
       https://curl.haxx.se/docs/adv_20161102B.html
     - Fix OOB write via unchecked multiplication as per CVE-2016-8617
       https://curl.haxx.se/docs/adv_20161102C.html
     - Fix double-free in curl_maprintf as per CVE-2016-8618
       https://curl.haxx.se/docs/adv_20161102D.html
     - Fix double-free in krb5 code as per CVE-2016-8619
       https://curl.haxx.se/docs/adv_20161102E.html
     - Fix glob parser write/read out of bounds as per CVE-2016-8620
       https://curl.haxx.se/docs/adv_20161102F.html
     - Fix curl_getdate read out of bounds as per CVE-2016-8621
       https://curl.haxx.se/docs/adv_20161102G.html
     - Fix URL unescape heap overflow via integer truncation as per CVE-2016-8622
       https://curl.haxx.se/docs/adv_20161102H.html
     - Fix use-after-free via shared cookies as per CVE-2016-8623
       https://curl.haxx.se/docs/adv_20161102I.html
     - Fix invalid URL parsing with '#' as per CVE-2016-8624
       https://curl.haxx.se/docs/adv_20161102J.html
Checksums-Sha1:
 6b2b58806c08cf1938b348405bee0c3c09700bda 2748 curl_7.38.0-4.1tanglu3.2.dsc
 11f9e686ed279b037cfe946bac62742efb7933a8 41176 curl_7.38.0-4.1tanglu3.2.debian.tar.xz
Checksums-Sha256:
 0d24dd8a72ba403cd06748385e32c5a41309277eee54b549644d7e209cc7001f 2748 curl_7.38.0-4.1tanglu3.2.dsc
 2ba6c9e04416a4189008b0a542d461a528d758efa651e7437fad8e24a6af2f4d 41176 curl_7.38.0-4.1tanglu3.2.debian.tar.xz
Files:
 015d135c1596534093acf2b1b39ce8c3 2748 web optional curl_7.38.0-4.1tanglu3.2.dsc
 19250f1ef23646a7a6de53cd28b0e69d 41176 web optional curl_7.38.0-4.1tanglu3.2.debian.tar.xz
Original-Maintainer: Alessandro Ghedini <ghedo at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJYcACgAAoJEBHQSAmiZP360OQQAL4PB/BDPPgxkQ1YPJW73CqX
SWDZTR/7He+pSIw/biA2BAqe+fafbUO0uRZbbI/N8OEdktHlDmWuI7Bxfs78530v
dfqwGbu0GPlJgizQ87J6F/0RJVK+3hLghNwDjg3HZFH+Kf58ts9rOcPoPn+8wDTa
KtBYGoihLdkAVHaomqQJK7a2iaNoLadAP3KBsP5eZNYGyL9+a/FKvnl1Js9re8Hd
5CMPGmIMLPdr7KamkldMaoO5bP7TyYq6bfLeCF8yZf3TpvoPdNHkXyKRWpNe8f1f
2GJRqZWmlBCcKeEIOVRjtwqZ0UlPXAatkbSJmUj8MMgKJc82FMiYGu52Z1mNzjsE
oTg6xykbA+PaD+TSbOcwO3llpLYEYxep1AALgO43FCAboY/SjNodDoPdaR+8hb2S
P5hDXKaHujs5zh+S8WpThDt07lZev8NGft1mu8AF0wASLLeA/1Qvt4Afr1yOHHT+
S7qcvZyHRafXPP/P9MC1iYrBjWB8nJCMq8YpokJsAO2TY7R2bCktpJfjkokNq1YL
c162GZEmQVTvtXloSaEQc3cH2Y5B8aSVycoOwbdHUhRnxc66ADj8xJF2nm4niKKr
5mnJvv+TF6XK8sKLDaJeOGQ32yajkWKy/x6j+5RcZd6yIIfpOn7jyyCoYAHp3Pr7
T6rRU7bTTRJ//jzEaLrW
=NRNp
-----END PGP SIGNATURE-----



More information about the Tanglu-changes mailing list