-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 13 Mar 2018 20:47:46 +0000 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: i386 Version: 7.38.0-4+deb8u10 Distribution: jessie-security Urgency: high Maintainer: amd64 Build Daemon (binet) Changed-By: Alessandro Ghedini Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.38.0-4+deb8u10) jessie-security; urgency=high . * Fix NIL byte out of bounds write due to FTP path trickery as per CVE-2018-1000120 https://curl.haxx.se/docs/adv_2018-9cd6.html * Fix LDAP NULL pointer dereference as per CVE-2018-1000121 https://curl.haxx.se/docs/adv_2018-97a2.html * Fix RTSP RTP buffer over-read as per CVE-2018-1000122 https://curl.haxx.se/docs/adv_2018-b047.html Checksums-Sha1: 8b3f1b624aee3c8f7ca7dae0f28faa48ff190d19 203204 curl_7.38.0-4+deb8u10_i386.deb ae819d8561c24ce8f1dcaccdb2b11bb5649f97b1 279474 libcurl3_7.38.0-4+deb8u10_i386.deb 2918b7a46d7326e2f4699668f90a622c69d81107 270574 libcurl3-gnutls_7.38.0-4+deb8u10_i386.deb b460ed49104bbb3a9e4d4681f197d3fb3be8f12b 282322 libcurl3-nss_7.38.0-4+deb8u10_i386.deb b35710941c0fe0e5e0465cbd4e23a920ce7161d4 361488 libcurl4-openssl-dev_7.38.0-4+deb8u10_i386.deb 56772790393d0a521dd8cfdb5f6eacb87fa6a395 351852 libcurl4-gnutls-dev_7.38.0-4+deb8u10_i386.deb 44e51ff4f0af181e7e2c6f98793a06db5c95be77 365202 libcurl4-nss-dev_7.38.0-4+deb8u10_i386.deb cc1b13e23cb2e9a7be1887bd9e0ab1eb60d47150 3136084 libcurl3-dbg_7.38.0-4+deb8u10_i386.deb Checksums-Sha256: 1b3f084b62e645a0870ed4dc00295c0ddecb9d8d315cc764e30e81f9a218002e 203204 curl_7.38.0-4+deb8u10_i386.deb 13456b6a4a2ae24dce31883be1d4872364b06979bcf224f08ce1c2b42326edbc 279474 libcurl3_7.38.0-4+deb8u10_i386.deb 7490d4d680ff2a1d9b787a5e9fdc047dbc6730957583a934b2ba1d6fd2b797a2 270574 libcurl3-gnutls_7.38.0-4+deb8u10_i386.deb 59413a8cdbbbfaf105ba3bd5c0a464b7396e85f9109f529af4b7b7d20d43abcb 282322 libcurl3-nss_7.38.0-4+deb8u10_i386.deb c861a2242eda70ce5d9001f05c62dc2454c46febbd03e483ef73fb8d3da70275 361488 libcurl4-openssl-dev_7.38.0-4+deb8u10_i386.deb 60f1e339f99352f21af6b335bf1d539ff68fe7c6743cf6e8035a5e62dd7b278c 351852 libcurl4-gnutls-dev_7.38.0-4+deb8u10_i386.deb ff01e020765700981a1c150d2e409fe24b252f41fd4a4ecbcfb5993cbec441f3 365202 libcurl4-nss-dev_7.38.0-4+deb8u10_i386.deb 1947bdbd6d43de11cb17d2e5220fc7ac6d9fce1e0e759a05c741e5dce63e4975 3136084 libcurl3-dbg_7.38.0-4+deb8u10_i386.deb Files: 028bb01176390697f5fcf27c09b3a0e7 203204 web optional curl_7.38.0-4+deb8u10_i386.deb 27f281e64119100a78e75a5ed295697f 279474 libs optional libcurl3_7.38.0-4+deb8u10_i386.deb fdaf72c6cf06a6080704ac2e26d9cd8a 270574 libs optional libcurl3-gnutls_7.38.0-4+deb8u10_i386.deb 118774888e5faa16dedcec585a2a8fb4 282322 libs optional libcurl3-nss_7.38.0-4+deb8u10_i386.deb 63539b6aa054289889c66f503bf3f19c 361488 libdevel optional libcurl4-openssl-dev_7.38.0-4+deb8u10_i386.deb 65b222fdbf93c6bdf2f779fedf0f08fe 351852 libdevel optional libcurl4-gnutls-dev_7.38.0-4+deb8u10_i386.deb 2900a94da0399d8004dd3fffcd766f0e 365202 libdevel optional libcurl4-nss-dev_7.38.0-4+deb8u10_i386.deb 08f26e77744c48c12e84b0a97e91a17f 3136084 debug extra libcurl3-dbg_7.38.0-4+deb8u10_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEyT9Sp5Gew/rj3m7114gF3mj51YMFAlqoaUIACgkQ14gF3mj5 1YPmtQ/+MWFkGwVN6FquHVoZfwXsk/hr1ufF1wxuHhXUSiNjp9vkXUi7nqrfdkca PCqSEadYTVz3OlvbN2tQ86UIOu9MY0478HyIEjdQI9TMWDpKLYyd+UyCRbRK2Skc u9SqDssf/ew7Ol7TALy1XjPufGJmm1H1dyC49Dm/cr1fsJ8Gkxvg9J2kHIBFQk4l dZ03gw+UKYyZgeJQsn0BFRWy2KqmBLXizEzXs7mq/fJ3Dvn5MgcVYqXgz1/QWqGL 1KDK57931NspzNDv1erC4ipmjFu09+OzAKMlsU55AT3BIqJv2DpZEL+DAewgUL2W AsXapjENawGXFbqeX5MMNegoGj69sTI1VkLwYri/9G0vEA+Ie/2DSPy0OuxFN9wI KF79sd97eJJKsLGQf/y1r9/GEHk6dGKJ8YgqgWmQSVlulk5u/7hHqURB9kDky00J 76eUO15aRYHvx2mpqI6rilnKo3KoD9LjnaYp3SpUl53Y79xKdCx/CJD0T+PV7G3O Bp4DTUq8KdodbyvtVDTzK/uL3S66RsUJeCtgTM+OtsMmSQ3jFf2lCBuULe+8qWHs fqmWvUKOiwa5NNjK7HWeyQ7lg4VnNKPv58/t1o1cculXycQUNdx14oAZad0LAAMo MOABawAD/rHh9Bi6mQ2eyKn9jzct1JfZTBcCkQwRrljnx3aenwA= =ByXF -----END PGP SIGNATURE-----