Format: 1.8
Date: Tue, 02 Apr 2024 20:02:10 -0300
Source: curl
Architecture: source
Version: 7.88.1-10+deb12u6
Distribution: bookworm
Urgency: medium
Maintainer: Alessandro Ghedini
Changed-By: Guilherme Puida Moreira
Closes: 1053643
Changes:
 curl (7.88.1-10+deb12u6) bookworm; urgency=medium
 .
   * Team upload.
 .
   [ Sergio Durigan Junior ]
   * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch:
     (Closes: #1053643)
 .
   [ Guilherme Puida Moreira ]
   * Add patches to fix CVE-2024-2004 and CVE-2024-2398.
     - CVE-2024-2004: When a protocol selection parameter disables all
       protocols without adding any then the default set of protocols would
       remain in the allowed set due to an error in the logic for removing
       protocols.
     - CVE-2024-2398: When an application tells libcurl it wants to allow
       HTTP/2 server push and the amount of received headers for the push
       surpasses the maximum allowed limit (1000), libcurl aborts the server
       push and leaks the memory allocated for the previously allocated
       headers.
   * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch:
     Refresh patch.