-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 13 Mar 2018 00:46:06 +0000 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: source amd64 all Version: 7.52.1-5+deb9u5 Distribution: stretch-security Urgency: high Maintainer: Alessandro Ghedini Changed-By: Alessandro Ghedini Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.52.1-5+deb9u5) stretch-security; urgency=high . * Fix NIL byte out of bounds write due to FTP path trickery as per CVE-2018-1000120 https://curl.haxx.se/docs/adv_2018-9cd6.html * Fix LDAP NULL pointer dereference as per CVE-2018-1000121 https://curl.haxx.se/docs/adv_2018-97a2.html * Fix RTSP RTP buffer over-read as per CVE-2018-1000122 https://curl.haxx.se/docs/adv_2018-b047.html Checksums-Sha1: 5499389311f2379793fdbabb71c65dbfe00f5170 2793 curl_7.52.1-5+deb9u5.dsc abc4eb70577da1015ae333ccf9598f9dce5bc209 40000 curl_7.52.1-5+deb9u5.debian.tar.xz 2c483d2b34a3120d9f4c83989832a89347a4f94a 131994 curl-dbgsym_7.52.1-5+deb9u5_amd64.deb b2ee6142a67076a42e52d4568eac164f43a8c459 11020 curl_7.52.1-5+deb9u5_amd64.buildinfo c21d30fbcc6b24b357d8335712c984a02cca98f2 227548 curl_7.52.1-5+deb9u5_amd64.deb a1e06e8d1d7371345d0a33898383ef6e919cad1d 5001448 libcurl3-dbg_7.52.1-5+deb9u5_amd64.deb 5d0b19258a6c50a345943d9912c3a90c67767773 289534 libcurl3-gnutls_7.52.1-5+deb9u5_amd64.deb 5a408a9ae3c0b8e0e6b9203904a5c26119042f6f 295034 libcurl3-nss_7.52.1-5+deb9u5_amd64.deb e3acbffb158033b5d9c9dfa34b6dd2173abb13ff 291242 libcurl3_7.52.1-5+deb9u5_amd64.deb d7001566077f6af23b4f8e229b63f923ce96e46b 827770 libcurl4-doc_7.52.1-5+deb9u5_all.deb 5917b45d08943fee553c2f4ace25fee52dbe803a 372054 libcurl4-gnutls-dev_7.52.1-5+deb9u5_amd64.deb 0ea9cea7c7e88cf02368dfb3174a9dc8d491f475 377672 libcurl4-nss-dev_7.52.1-5+deb9u5_amd64.deb 0c46b2db34c0165cb146b3e3bf37809f0590450e 373808 libcurl4-openssl-dev_7.52.1-5+deb9u5_amd64.deb Checksums-Sha256: 1421d4ff45ec99acfecef621b90689e46b45b14e182d1d0ffc8ae7838ec62285 2793 curl_7.52.1-5+deb9u5.dsc 2f0335ccf140637f0fb11b7a139e3faf8d94dab88603233d22689e4e6b6dce77 40000 curl_7.52.1-5+deb9u5.debian.tar.xz d6d073863546230bef3320596edc6a06dd39018475232577f7b19dda6a4c0f87 131994 curl-dbgsym_7.52.1-5+deb9u5_amd64.deb 1423a43829b5027beaa597b97fee4d6f62bb796cb1a691c195bf44f3db4c52fd 11020 curl_7.52.1-5+deb9u5_amd64.buildinfo d7a7ebeda0619139943846b441fc4e0cc2bde4743196e58bdb743376c5f9d664 227548 curl_7.52.1-5+deb9u5_amd64.deb 5c14c1862d824861716d0ccf8095d5c0d9dc2ce683c1d73f20f14857cd7975c4 5001448 libcurl3-dbg_7.52.1-5+deb9u5_amd64.deb f5bbbd78a7d81561c114790cf03dd68a6d8f92293bed03d386440ce840e5863a 289534 libcurl3-gnutls_7.52.1-5+deb9u5_amd64.deb 06042fa305dacb91984aedc2a95b62932a3a53ad6fe378f57bd750656485eaf2 295034 libcurl3-nss_7.52.1-5+deb9u5_amd64.deb 1d092d9afbe64a724c88d016bc7adf27486a6438ecc1fc7e2797cad31de1028b 291242 libcurl3_7.52.1-5+deb9u5_amd64.deb 93d411753cc9fb75d6b4c49c0b8f8bf1742bed8d102cd7c2a31ca26e041d480d 827770 libcurl4-doc_7.52.1-5+deb9u5_all.deb 1e4f7ddea54cf70fa1cd803b931629526499a713d32da6a227f527920abb3a4e 372054 libcurl4-gnutls-dev_7.52.1-5+deb9u5_amd64.deb 0b340f9c19ce1edd23a336ca7dfda89d07f16c9b48bc963698f76232135ac9ee 377672 libcurl4-nss-dev_7.52.1-5+deb9u5_amd64.deb 482fbecd1e1cf5c9cb5961ae3543ba79dbc11d07f527e059ecdb6e2412a61c8e 373808 libcurl4-openssl-dev_7.52.1-5+deb9u5_amd64.deb Files: 5f658c4efa2a4b7af9bf9883be53c43c 2793 web optional curl_7.52.1-5+deb9u5.dsc 00decba9cc904c141da756ee4ba1cf12 40000 web optional curl_7.52.1-5+deb9u5.debian.tar.xz 19bb7c44ed2007618f709cfc5bb82f24 131994 debug extra curl-dbgsym_7.52.1-5+deb9u5_amd64.deb 58dcbd041defae512e5aa5a309004dd8 11020 web optional curl_7.52.1-5+deb9u5_amd64.buildinfo e3003b97accd37f50499fd2ef5841727 227548 web optional curl_7.52.1-5+deb9u5_amd64.deb 00555037cbc5bf7fe268a6f57a6917de 5001448 debug extra libcurl3-dbg_7.52.1-5+deb9u5_amd64.deb 8a47ec8c3f87ac5de955f08d696cb7f4 289534 libs optional libcurl3-gnutls_7.52.1-5+deb9u5_amd64.deb d4f5e40c2475d177bd689bf717d25cbd 295034 libs optional libcurl3-nss_7.52.1-5+deb9u5_amd64.deb a4728157a31f91eafda296eccb97d178 291242 libs optional libcurl3_7.52.1-5+deb9u5_amd64.deb a559f9eca9298d7c249f0e4a1d0a9584 827770 doc optional libcurl4-doc_7.52.1-5+deb9u5_all.deb 8d465e1bb956e01c55a480f0f4101580 372054 libdevel optional libcurl4-gnutls-dev_7.52.1-5+deb9u5_amd64.deb 109b49a7458815b125d7451494bac984 377672 libdevel optional libcurl4-nss-dev_7.52.1-5+deb9u5_amd64.deb 952eba7162423089e8ae1dc97f1df4c5 373808 libdevel optional libcurl4-openssl-dev_7.52.1-5+deb9u5_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlqoVREACgkQbwzL4CFi Ryjngw/+KJis0Xp5gTDhIOSu9GfIa+8pBYyeKjox4Bl4SMXQ9DPl4lQYX3bGEpBd +B7zx05skzMxNig5vxMkKHl0FeuZBzdfs+j5lGqLzW3Aj8addyMuhic+3kva/Uuz KFr7ZQrUweLZe15AaioCSlBZXzTYxF4Yj/w5QNScGNqgkCFMvj5E1RtrVx+WojZy OBB7dR36mlL1C9e/C9RkPRfYShhBlT6FDGI1uTeNPt8uqsmfNxlN3inksPT6yrbt 7Q4SJCsnd2ccTp/aA7zoII59rKpPl6al9HPpTz4ifvBEm9PQEIZQ5O2FPq8aVtuj Ln5EnNgD1Vp1xXXsJZxJxtY+U2kWGCUZJl5MaxtToqCcv6Druka+A1x3nH7IljN/ t3W/Vyd5SC6+7oibYdgccOTg6fDGXL50UF+BZbH5tVug7+GQOmhJIHdFWcgifXwz 31mY7jBBxbX8ARTm975mrtX3hav0DVfxIodJhlj/x5BFG47poU5XWRLMpeBqDgie 2jj4OnZvIY3BgyV87I2jV5at0U5u0czXH32IZyyC5PysKSMi4pQ+JJUjGTTUU48l 1f0qCCTV+ux9RGMpvHuMsVXPP+LcXzlGfsY4LzIvkJTLdYI7j0vBCrtMDfrkd4M7 aCjx56dqIaDibWtsTJxKxC44s9MQVqWw2FTySXgyeBAyFo5iJ1A= =nI64 -----END PGP SIGNATURE-----