Format: 1.8
Date: Mon, 10 Feb 2025 11:45:37 +0100
Source: curl
Built-For-Profiles: nocheck
Architecture: source
Version: 7.88.1-10+deb12u11
Distribution: bookworm
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Dr. Tobias Quathamer <toddy@debian.org>
Changes:
 curl (7.88.1-10+deb12u11) bookworm; urgency=medium
 .
   * Team upload.
   * Import patch for CVE-2025-0167.
     - When asked to use a `.netrc` file for credentials **and** to follow HTTP
       redirects, curl could leak the password used for the first host to the
       followed-to host under certain circumstances. This flaw only manifests
       itself if the netrc file has a `default` entry that omits both login
       and password. A rare circumstance.
 .
 curl (7.88.1-10+deb12u10) bookworm; urgency=medium
 .
   * Team upload.
   * Import patch for CVE-2024-11053
     - When asked to both use a `.netrc` file for credentials and to follow HTTP
       redirects, curl could leak the password used for the first host to the
       followed-to host under certain circumstances.
   * d/patches:
     - url-use-same-credentials-on-redirect.patch: Backport upstream patch to
       fix the issue of reusing closed connections when the server disconnects
       unexpectedly, and ensure redirects keep both username and password.
       This patch is required for CVE-2024-11053.
     - CVE-2024-11053.patch: Import and backport upstream patch to
       fix CVE-2024-11053