-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 13 Mar 2018 20:47:46 +0000 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: source amd64 all Version: 7.38.0-4+deb8u10 Distribution: jessie-security Urgency: high Maintainer: Alessandro Ghedini Changed-By: Alessandro Ghedini Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.38.0-4+deb8u10) jessie-security; urgency=high . * Fix NIL byte out of bounds write due to FTP path trickery as per CVE-2018-1000120 https://curl.haxx.se/docs/adv_2018-9cd6.html * Fix LDAP NULL pointer dereference as per CVE-2018-1000121 https://curl.haxx.se/docs/adv_2018-97a2.html * Fix RTSP RTP buffer over-read as per CVE-2018-1000122 https://curl.haxx.se/docs/adv_2018-b047.html Checksums-Sha1: 9896f3a07aa083d2944f6a1a68dfe050549bb81f 2673 curl_7.38.0-4+deb8u10.dsc ec5a7637b5a19f032d82d3ddfd41de0556a2c1cb 47208 curl_7.38.0-4+deb8u10.debian.tar.xz b9eb83d5e46e79422f613d24082b57a8f2c03c98 200814 curl_7.38.0-4+deb8u10_amd64.deb ea471285edabc916430c7956c252cef804e55033 259728 libcurl3_7.38.0-4+deb8u10_amd64.deb 3ede8851f5e0338963f213f81ea5c48a095e652e 252366 libcurl3-gnutls_7.38.0-4+deb8u10_amd64.deb 6979cf9ba963205b11973b55f77fd1cb965b2768 263784 libcurl3-nss_7.38.0-4+deb8u10_amd64.deb 49c5ffd9883fd228b7d8256fa663f8e944a6ab04 337402 libcurl4-openssl-dev_7.38.0-4+deb8u10_amd64.deb 00d2357a928dcfc75bf682e8e727968ec0a06c48 328912 libcurl4-gnutls-dev_7.38.0-4+deb8u10_amd64.deb 0b4b987464a015d1196052c42f9eda3b1f0e4766 341250 libcurl4-nss-dev_7.38.0-4+deb8u10_amd64.deb f28a7316dbf058b9407de7a6895ded10518a1d71 3371398 libcurl3-dbg_7.38.0-4+deb8u10_amd64.deb 072db298d8e8e974bd9c2ca9b0b2b0884e905e38 1067032 libcurl4-doc_7.38.0-4+deb8u10_all.deb Checksums-Sha256: 8c63e3d24209e7eee792a8bc80a540dcfadf881452e43e8c500dcac192c3a73c 2673 curl_7.38.0-4+deb8u10.dsc 917f9e86ed29504a962e5b982a455cfbd272a5e38a6ee050dfa343a2790fe746 47208 curl_7.38.0-4+deb8u10.debian.tar.xz e1f8ff9b2665a2dd5ed79776e5770e99f919ca9b5bb4df6920d375b5ebc6f534 200814 curl_7.38.0-4+deb8u10_amd64.deb 7459409b79e313ae2fd5edc21ed947169d7e89057748da48aefba5f6e4fdc505 259728 libcurl3_7.38.0-4+deb8u10_amd64.deb 8962b4799c5298c87b1ece5912569d4062628992005f924974d3186a224d60c0 252366 libcurl3-gnutls_7.38.0-4+deb8u10_amd64.deb a6f9250036d576dc5f8b30f563e5d49f0e33c28982cf24f777cc6a5febf5eb24 263784 libcurl3-nss_7.38.0-4+deb8u10_amd64.deb 72f610e33605139b3ab641cc6312b30acfbba4e2684e5f0380a743c77f2619be 337402 libcurl4-openssl-dev_7.38.0-4+deb8u10_amd64.deb d250a98c9fade4e3390d077d8920e174814a85f488b661aeb2e4d48f91f5026a 328912 libcurl4-gnutls-dev_7.38.0-4+deb8u10_amd64.deb 016856b4c332df4b9a3e338c79bfd28496561191693e7f26f58e78d50cc4e9b5 341250 libcurl4-nss-dev_7.38.0-4+deb8u10_amd64.deb 6c86c815f5451f54499301dca302a53283a6c5183a20acd4f9c5030dd4da3adc 3371398 libcurl3-dbg_7.38.0-4+deb8u10_amd64.deb 95f4c8b17cd0c9c3afc88642b353ae4a899b6d08590f747736d1e3787782965f 1067032 libcurl4-doc_7.38.0-4+deb8u10_all.deb Files: d293ed1d0a6884f2606fc7bb275daa21 2673 web optional curl_7.38.0-4+deb8u10.dsc e48ccbd1924d5cbaf47286299088a5b8 47208 web optional curl_7.38.0-4+deb8u10.debian.tar.xz 38cd129602fba82dd76c4a0807e210be 200814 web optional curl_7.38.0-4+deb8u10_amd64.deb 9861f8e78249389769115ffdd0482094 259728 libs optional libcurl3_7.38.0-4+deb8u10_amd64.deb a5ecfc9dcaab3b979318390d0ad391c1 252366 libs optional libcurl3-gnutls_7.38.0-4+deb8u10_amd64.deb 99812ac40880d180b4e644c07f19c3fb 263784 libs optional libcurl3-nss_7.38.0-4+deb8u10_amd64.deb 71be46f8f48e1b3b5416625e6d93eb1c 337402 libdevel optional libcurl4-openssl-dev_7.38.0-4+deb8u10_amd64.deb 67a2c714c472f21e1f77ae8fddb1a2fb 328912 libdevel optional libcurl4-gnutls-dev_7.38.0-4+deb8u10_amd64.deb 91a6b3c541b8672b09cc188f7646eb5c 341250 libdevel optional libcurl4-nss-dev_7.38.0-4+deb8u10_amd64.deb 0ee92e25278dbfffe6100bc1377beabb 3371398 debug extra libcurl3-dbg_7.38.0-4+deb8u10_amd64.deb 139249b50362263870526afa6d16715d 1067032 doc optional libcurl4-doc_7.38.0-4+deb8u10_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlqoTGkACgkQbwzL4CFi RyjONg//aMmKGycoU9lIHD3ciD3I090pAdEM1ZUzY7tnDG9MCsC2sd2Lc3Cq935W jRq/Ns0FTFJm2x8PspnnDK4736EjQe5mwZck0uM68QwUO/LsbrecfzuMSPp76s7S g6BeDLWIqinQgiKbBnhHbUspqekLWjGMJfZQ68Oea75aIcbaz+Yp6tMTxmWm4Pvs QXgx8ZKIOuIp8EJLhZ+5k6FvERaKVTGnUUbx8znqvMYOcQaKk+2s75MJEddb9yzC OahXKY7iPU+71twydr8KL5JXCMyBw5hq/qjDQffe99tpKuwP56UHSe5sL8OVlvts oAHKDsZ0GxsZm/HxdW6UOMt9aOf7gIkkeYZiYVbEGxxEzKo7jt6PF3bipTHvu88a GfgNYxPcVucV7k5wvlW7lycS1xkkESC1j1pv/XLU9yISoXR2c+Ljztq2r5kWPcLu hHif+KD2UOs5ucH1hOQvHQ+KEJRuA4LiBAf6aHBgJhoSPAo1keN2eMpmq5JBuYDx 9K5peOF4ansQ7quPkSguxce+z1HU590yaNAHyTNsow2vYCwccw/piPAxGYtuiKrY tpISVEOAxJinH0e5COXYNsNlLwC32wFF90BJ71Ikk4loMnFsEpd+pizmZuOCsxNX embr8qV2NU2LE15dI68rve7tEKrz2oWztEZqgkwy10tfO35r8qc= =nOcf -----END PGP SIGNATURE-----