-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 02 Apr 2024 20:02:10 -0300 Source: curl Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: armhf Version: 7.88.1-10+deb12u6 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-ubc-04) Changed-By: Guilherme Puida Moreira Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Closes: 1053643 Changes: curl (7.88.1-10+deb12u6) bookworm; urgency=medium . * Team upload. . [ Sergio Durigan Junior ] * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch: (Closes: #1053643) . [ Guilherme Puida Moreira ] * Add patches to fix CVE-2024-2004 and CVE-2024-2398. - CVE-2024-2004: When a protocol selection parameter disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. - CVE-2024-2398: When an application tells libcurl it wants to allow HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push and leaks the memory allocated for the previously allocated headers. * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch: Refresh patch. Checksums-Sha1: 052f6165769cc1df146c3200823f729b2a020207 159084 curl-dbgsym_7.88.1-10+deb12u6_armhf.deb 2e3e6de6850f35a764a852e8eadd29e4d176fd7f 12843 curl_7.88.1-10+deb12u6_armhf-buildd.buildinfo b249685b4b9c9e94cdb8c772d46a6c853d2b1c09 305232 curl_7.88.1-10+deb12u6_armhf.deb 10bef5852dfd4a5cffbe49b921aec88496061abf 1000440 libcurl3-gnutls-dbgsym_7.88.1-10+deb12u6_armhf.deb a73f150da260590fb3d016cc5f044ac8d10c492f 344968 libcurl3-gnutls_7.88.1-10+deb12u6_armhf.deb a7966676e67c9f3a1ef3b47976f83c3a28bbc001 1045820 libcurl3-nss-dbgsym_7.88.1-10+deb12u6_armhf.deb 31ebc8cc73e6fbe8b01cf7de6058a1caa85298ce 352468 libcurl3-nss_7.88.1-10+deb12u6_armhf.deb bc9428b989c9644fbbb7ee2cf45a84e6d4b12f06 1027340 libcurl4-dbgsym_7.88.1-10+deb12u6_armhf.deb baee27145b7d4d0ee53801e948aa814db47f950c 451408 libcurl4-gnutls-dev_7.88.1-10+deb12u6_armhf.deb 1227080cedd59914059e63a6d00ba4dc79ad66af 459208 libcurl4-nss-dev_7.88.1-10+deb12u6_armhf.deb 7fd642663a6083c0e37e48d758c4a30da108b6c8 456296 libcurl4-openssl-dev_7.88.1-10+deb12u6_armhf.deb d423c810b6382da03cdeefd6ff33af5b14fda542 349916 libcurl4_7.88.1-10+deb12u6_armhf.deb Checksums-Sha256: 624aa5060c6de729667b0102a9c482ee7a64cf8c68abef99a7c0abc5e75082c4 159084 curl-dbgsym_7.88.1-10+deb12u6_armhf.deb 74ced2fd04db25494c1df17dad9d3d8c2fd7761f9ab927455a06949599745048 12843 curl_7.88.1-10+deb12u6_armhf-buildd.buildinfo 3a7168b55e348bf2d8d011586632e84907755f264c832dce19f068b7518174da 305232 curl_7.88.1-10+deb12u6_armhf.deb a70f5c087c5cb1be8fddb3ed113b240845fc468432d2319363ae70b1a2379647 1000440 libcurl3-gnutls-dbgsym_7.88.1-10+deb12u6_armhf.deb 5a4e4e42892dbd99ac759957888dd733e82cd26a294ae6dded66732a79d16dd1 344968 libcurl3-gnutls_7.88.1-10+deb12u6_armhf.deb 4792644e387ab40c3baf9a764e66c8e651bdae3e31647e2d704297a821eec7e8 1045820 libcurl3-nss-dbgsym_7.88.1-10+deb12u6_armhf.deb 360fd183c371e12841734ae464074be5a27656a205912abc193b22df0bd32f72 352468 libcurl3-nss_7.88.1-10+deb12u6_armhf.deb b9ab90ac42514d51de2e854d4254d5a0e3fc04bbfe55a31cde88776defa186f2 1027340 libcurl4-dbgsym_7.88.1-10+deb12u6_armhf.deb 5614edc52c0a84d7290f52c1d2fe14941197d70ad62b1b975b9b1544ba07a58b 451408 libcurl4-gnutls-dev_7.88.1-10+deb12u6_armhf.deb 6745182b1112d437ce0725898c756aede7309f5665e9a3cf2ee5d49ea567d6c7 459208 libcurl4-nss-dev_7.88.1-10+deb12u6_armhf.deb 032e2339bdad89a244b243c2a37196d1205f9dca92e81923a87079f1874bc88d 456296 libcurl4-openssl-dev_7.88.1-10+deb12u6_armhf.deb 7d1c0d6c0dd68e7af66caaab6138985a8a3a3884f9bc1d75968b4ae56b7d6456 349916 libcurl4_7.88.1-10+deb12u6_armhf.deb Files: 01aeda287b241aef43934bd90766e1aa 159084 debug optional curl-dbgsym_7.88.1-10+deb12u6_armhf.deb e264f7d7cce1915356a2933975846cdc 12843 web optional curl_7.88.1-10+deb12u6_armhf-buildd.buildinfo b1aa52dd0bac90bb9322527947b10a86 305232 web optional curl_7.88.1-10+deb12u6_armhf.deb 68102b46cded212dc3dbb479850efadd 1000440 debug optional libcurl3-gnutls-dbgsym_7.88.1-10+deb12u6_armhf.deb 7d160b15291de56656224a2d2221d64a 344968 libs optional libcurl3-gnutls_7.88.1-10+deb12u6_armhf.deb 31dac67bcca9c69548f28dd8ca92caaf 1045820 debug optional libcurl3-nss-dbgsym_7.88.1-10+deb12u6_armhf.deb 2f2dc8622b166b61f96521c5bb9b0ce7 352468 libs optional libcurl3-nss_7.88.1-10+deb12u6_armhf.deb 8bc1eb10cb7471526c6c09594c3483de 1027340 debug optional libcurl4-dbgsym_7.88.1-10+deb12u6_armhf.deb 04ccf94f6a2f0c88a0d3634ae5414f4f 451408 libdevel optional libcurl4-gnutls-dev_7.88.1-10+deb12u6_armhf.deb c892ed6d0667cfdf31956f018d653322 459208 libdevel optional libcurl4-nss-dev_7.88.1-10+deb12u6_armhf.deb 2af4fd100b5a9e7ed3d3dcf89626734b 456296 libdevel optional libcurl4-openssl-dev_7.88.1-10+deb12u6_armhf.deb 727a2acbf0d8ceb50d684d444a363864 349916 libs optional libcurl4_7.88.1-10+deb12u6_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEU5Ohx66NeEdc9V4jWTHLDRjMKsQFAmYVhVsACgkQWTHLDRjM KsTaRg/9GWu8CTQPuJRvWBSieZYmjVgyuph8L7ZWDj6+4cy+stHWrNToLO7kiThl ZQNSIuduZg+BwMu+b3ml0yANI1ubSnsRCVeKfLLgULkEg7rYp5V3RXBPG0LzgiKj zUV5unHnoPDRGX/8YhYf2fHIk4LncZLb/zLSrZmXeP9A5iq4gV3DK2aE+fLj7Dz2 2pcMP+vqZBbRM7Y+6shEUh+AlFu/cdfTfzx0YYiDHSV0vam7SG4NzLWXpa58f5lb IREoDz6Hq86ITNOlpDQDod/a1VFj2WWhCEFgQ8AAS8pGo5Jo5+oRkAJkTcfWHpDg ADfj1z7H2//au8Y4/7fzjeYgWw9hLUmnDxOuxIkQZqOwV6W/jTEoUaUDMRcPX2GS ePJOLyV4KD2p/rMzr3CJ0dSwLj8LR5DEP/qfWJ/3r9lVhVYfSLabAHrv9s28KneJ hfKeUJCFZW7gJU3jhZSL9D9BgJMlIiOU3Uc1EhVJ/47o/XikoN426em5fkxvaNm1 IMijn3U0Ars7qCZqlqIkzr4yhaGdE4juiRC6SKQCex++lHfj3QuvP1rj/n7UogEn UIuf5YBvbXt5uqBPj/Hdrl9qUGnr2Ygp0bldTEswjhqGYYfCrJV7Hz85f5/QR/0L G56BbraUe64dxISe4ykXFk8RbE/qKyXS7QoGSrcGUmLwm33a12Q= =YJpr -----END PGP SIGNATURE-----