-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 02 Jan 2025 21:11:56 -0300 Source: curl Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: amd64 Version: 7.88.1-10+deb12u9 Distribution: bookworm Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Aquila Macedo Costa Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.88.1-10+deb12u9) bookworm; urgency=medium . * Team upload. * Import patches for CVE-2024-9681 - A vulnerability in curl's HSTS handling allows a subdomain’s expiry time to overwrite its parent domain’s cache entry. This can lead to unintended HTTPS upgrades or premature reversion to HTTP when both subdomains and parent domains are used. Affects applications with HSTS enabled, potentially disrupting access when a domain stops supporting HTTPS. * d/patches: - CVE-2024-9681-*.patch: Backport patches. - CVE-2024-9681-1: fix backport inconsistencies - large-time-testable-feature.patch: Import 'large-time' feature for tests - dont-stop-stunnel-before-retry.patch: Import patch to avoid stopping stunnel before retrying Checksums-Sha1: ab22e579066c6e8903e7026329387aeb625cfc64 160464 curl-dbgsym_7.88.1-10+deb12u9_amd64.deb 1601666a6a2210a76b25d07ae91465456f205f27 13054 curl_7.88.1-10+deb12u9_amd64-buildd.buildinfo 0c65e96776e0820b11d34836c8b6a6b1a6374467 314980 curl_7.88.1-10+deb12u9_amd64.deb 2070b33ce0ff41ceeda34999daff7353076ec965 1024200 libcurl3-gnutls-dbgsym_7.88.1-10+deb12u9_amd64.deb e890f9c0782f6d925aa9ea5659d941261bfe4b60 385756 libcurl3-gnutls_7.88.1-10+deb12u9_amd64.deb b819c47dd604e552107c71bbcf5e021b53c84ecb 1068432 libcurl3-nss-dbgsym_7.88.1-10+deb12u9_amd64.deb 0ebc3894df6ec3bd5f53edaa52d1aedc7fe5f99c 394568 libcurl3-nss_7.88.1-10+deb12u9_amd64.deb ba6a32d13be97fc54741ae36a32c39e0e5560c6f 1053472 libcurl4-dbgsym_7.88.1-10+deb12u9_amd64.deb 77afb4b6a4f966495bc85c7181a394d3f1719403 486036 libcurl4-gnutls-dev_7.88.1-10+deb12u9_amd64.deb 337eab2bd5b347166809aecb802b3002152fd163 495640 libcurl4-nss-dev_7.88.1-10+deb12u9_amd64.deb d7ecbb59241686b3af4925da622d50c25e07a3b3 491624 libcurl4-openssl-dev_7.88.1-10+deb12u9_amd64.deb 5926c162df2055acfd618748cad5f411959aef62 391356 libcurl4_7.88.1-10+deb12u9_amd64.deb Checksums-Sha256: fb5566d2a20d0508c812ed431e60340b65c75038e1a17160ac3d0e7f060bc762 160464 curl-dbgsym_7.88.1-10+deb12u9_amd64.deb b0223b498dfe284874e1bd0cfbf998669c266be5a8ecbd4db52622c5dec1c832 13054 curl_7.88.1-10+deb12u9_amd64-buildd.buildinfo 9ba3c8668171d7604410c9967c7cd34aa3da5019b5ef1e2698cfd1884f72a2a4 314980 curl_7.88.1-10+deb12u9_amd64.deb 9f804c35ec925652897c197d5bd0bbeada015f124281677c77964b37479b03b6 1024200 libcurl3-gnutls-dbgsym_7.88.1-10+deb12u9_amd64.deb dd99247b2c74b48eaaa120f02ac1e9c5a8bd9b3824e32372d4a83a8bb25a0ebb 385756 libcurl3-gnutls_7.88.1-10+deb12u9_amd64.deb 628096900ff3d7a94df7e2e25e2bb8f6e20b387eea305e03b06995aebebea7ac 1068432 libcurl3-nss-dbgsym_7.88.1-10+deb12u9_amd64.deb b56f787277e79d4fe83e8f85a3f636f6dc848bb9e81209e4f87482764c231dbb 394568 libcurl3-nss_7.88.1-10+deb12u9_amd64.deb f83e45e53e7254a0ae2ed564d5e1f08915015ad66e780436b0424a035cfa0cd2 1053472 libcurl4-dbgsym_7.88.1-10+deb12u9_amd64.deb 0b18acfe189a22ab9cfd3e08ea9b9345489032341e39f8d79eb4e85c6924ba0a 486036 libcurl4-gnutls-dev_7.88.1-10+deb12u9_amd64.deb f8c03d442bb7f8f2af4af13aacbffb6f7cf246ebb0c26da52a7221e455baece0 495640 libcurl4-nss-dev_7.88.1-10+deb12u9_amd64.deb 4f917e3ada779f29d3220d162b2897ef22670f2205f2de436be49f23b0992830 491624 libcurl4-openssl-dev_7.88.1-10+deb12u9_amd64.deb fc39a862a07369c61072d5311f2961064089ac6ec0b169c79846680add3e6e79 391356 libcurl4_7.88.1-10+deb12u9_amd64.deb Files: 54361f883fe9c03c64c9b8a5a08e6d5b 160464 debug optional curl-dbgsym_7.88.1-10+deb12u9_amd64.deb 3a5de41b09eb2dc458c35a05ede98df5 13054 web optional curl_7.88.1-10+deb12u9_amd64-buildd.buildinfo cd57ffdb000b246f385c62e87a66b541 314980 web optional curl_7.88.1-10+deb12u9_amd64.deb 05cdf37440ab25460479f4bcf8791f1a 1024200 debug optional libcurl3-gnutls-dbgsym_7.88.1-10+deb12u9_amd64.deb 309e6187b8ce3ea04dfd96faba341a6e 385756 libs optional libcurl3-gnutls_7.88.1-10+deb12u9_amd64.deb 55f97bcd8015e927b1a493644a5b714c 1068432 debug optional libcurl3-nss-dbgsym_7.88.1-10+deb12u9_amd64.deb 29b92aee7f9bec9d241801e28e3822eb 394568 libs optional libcurl3-nss_7.88.1-10+deb12u9_amd64.deb 5830ccabb77f279c41d224d55a538dbd 1053472 debug optional libcurl4-dbgsym_7.88.1-10+deb12u9_amd64.deb c859f6142b7664cad373f7e81b349767 486036 libdevel optional libcurl4-gnutls-dev_7.88.1-10+deb12u9_amd64.deb e965b1b1a9ab4a117aa8549026194c20 495640 libdevel optional libcurl4-nss-dev_7.88.1-10+deb12u9_amd64.deb ba348a995358d53163c0dc3b8c9825f7 491624 libdevel optional libcurl4-openssl-dev_7.88.1-10+deb12u9_amd64.deb 7aa3650b01db7b8318931d0b0fc62c7e 391356 libs optional libcurl4_7.88.1-10+deb12u9_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4Unr4QHS5Yi4rr9Q3KGKEAtjIVgFAmeVKBgACgkQ3KGKEAtj IVhF3w/+LU4cVMTHjMSKYYFwxJ6UAVAppl6MpIjS7Df/K/B3uPuhDkbwYZGaycN2 /ewOx+O7DG5MRFWENZI9A15k1ul6ST5QoEezyb9mNwIKvfa3v6BQuXeOGZGILfQq Ry0vfjNj33lOMaOl/4w5QG5jAb3DZU6iQZUeGEWFkgCCXLB3TBm7RAbMUGYTQXjn 4komWjR9TRZ7h5G1NCFfwsu6zekXIusmBkgZpltFtGX5EZRz1q94ME1h04sYNHJz Ps7BsfWCrC6lCT4bVyWmjoX7Xenium4Bm9kpMFnfwSJQfeBjZa/nCO19RWE7BDYx bAr0x8kcNgDl9zPQBJC0RJaO4nAfbA7hsiKl559vXj/LkRP+XaNmnNktURt/PyPp BHemrfUgUlBNrSC0GgtNz/kTJG91F7ImD9HT4Q84FQz5SlJRVBeVHCtd9cXEttGG ZJ8nlnaEDq6mBD4EXxyaPZ/CU/mUSRxhVt1k0FQ0ipxE02oLkpKm4cL5EMpZaTG8 bhqakk0IWbwlEVPEdkLHCMjBfvr9VzBi/uZkJEVEf4m14AJQR6ESQLHhj+gLRdjL pM7u3Gm/UNVUiuQH2xmxuI1Zv1czVZR7KR6DVsTPMnVNskQF6d1rx1KbkQtxSyNx h3H0DQOsoaZbYvLOqxwBZaDfz+INwt3rMVx3Kwn6xthVWrZve90= =mU9E -----END PGP SIGNATURE-----