-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 02 Jan 2025 21:11:56 -0300 Source: curl Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: arm64 Version: 7.88.1-10+deb12u9 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-conova-03) Changed-By: Aquila Macedo Costa Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.88.1-10+deb12u9) bookworm; urgency=medium . * Team upload. * Import patches for CVE-2024-9681 - A vulnerability in curl's HSTS handling allows a subdomain’s expiry time to overwrite its parent domain’s cache entry. This can lead to unintended HTTPS upgrades or premature reversion to HTTP when both subdomains and parent domains are used. Affects applications with HSTS enabled, potentially disrupting access when a domain stops supporting HTTPS. * d/patches: - CVE-2024-9681-*.patch: Backport patches. - CVE-2024-9681-1: fix backport inconsistencies - large-time-testable-feature.patch: Import 'large-time' feature for tests - dont-stop-stunnel-before-retry.patch: Import patch to avoid stopping stunnel before retrying Checksums-Sha1: 8201c9d91f2c7e4aa46cbeb23cc580090b2a833f 158080 curl-dbgsym_7.88.1-10+deb12u9_arm64.deb 7b63cd4dfac1b5baa5e5c29694028c3f147b04fb 13053 curl_7.88.1-10+deb12u9_arm64-buildd.buildinfo 006e098dc579c2d475fbe6e4fbe507a324be74cb 309148 curl_7.88.1-10+deb12u9_arm64.deb c9a2530a955f9f96dc8baea664f855add40384df 1012856 libcurl3-gnutls-dbgsym_7.88.1-10+deb12u9_arm64.deb 7bc5987204d74af242a29716031b59f077d92029 361352 libcurl3-gnutls_7.88.1-10+deb12u9_arm64.deb 1fba382064935d36b8194207809c2d4f9b10780a 1058708 libcurl3-nss-dbgsym_7.88.1-10+deb12u9_arm64.deb eb77f2bd2595f1232c9e7e6e4c9b424d907f82b1 371204 libcurl3-nss_7.88.1-10+deb12u9_arm64.deb e8fdf22ccbff450db7a2b93bf320047ec5cff35d 1040144 libcurl4-dbgsym_7.88.1-10+deb12u9_arm64.deb 0aeded56c67c475bff1feb37ab241e9cc321578f 471272 libcurl4-gnutls-dev_7.88.1-10+deb12u9_arm64.deb 2a11a5bd551147200317884fc48e0c465b4649f6 481472 libcurl4-nss-dev_7.88.1-10+deb12u9_arm64.deb ab418998426473e1ce27bef83d8f11739d57ed1e 475700 libcurl4-openssl-dev_7.88.1-10+deb12u9_arm64.deb c69e53bcdacb64216aaa614f06cff3d78e3c1873 365848 libcurl4_7.88.1-10+deb12u9_arm64.deb Checksums-Sha256: 9eb1851201960c7225c901ccc8d803308ed0381dff1443f7f566cb0e87ed5556 158080 curl-dbgsym_7.88.1-10+deb12u9_arm64.deb 51048980707c8e1862635bb5ad275f7c1cd313a9db35cb603f81f9cc894134dd 13053 curl_7.88.1-10+deb12u9_arm64-buildd.buildinfo 144392ba837e0f41f563c0dc5f134b1e0a6fc73597d824d2be3244041c29d047 309148 curl_7.88.1-10+deb12u9_arm64.deb 05849eee49cca9d76f02f52f6f9861e675662b4a49e7407a161ebb134fc66158 1012856 libcurl3-gnutls-dbgsym_7.88.1-10+deb12u9_arm64.deb 6651d90eb0180086cea5ae3c53f01e997a3c936e67470c66fd534c01a105395d 361352 libcurl3-gnutls_7.88.1-10+deb12u9_arm64.deb 1895698e2ec0a888b00d2f58c13298e9bf257b1a7c3a2689adbecb3707f31cb0 1058708 libcurl3-nss-dbgsym_7.88.1-10+deb12u9_arm64.deb 58adb78cc9af70024b946d184f6ec30f2bb70f9be8fe564ecbdd9526b8383dd2 371204 libcurl3-nss_7.88.1-10+deb12u9_arm64.deb 9752149332efb560f181abd71d4d8c7428a49f237645e64d672481e6baa7292b 1040144 libcurl4-dbgsym_7.88.1-10+deb12u9_arm64.deb fc3182afd206a46c19918ec03f124f8bae3b3facfbf5a7dd2a56ac44affb64b5 471272 libcurl4-gnutls-dev_7.88.1-10+deb12u9_arm64.deb 1c16342eb78373cde78b7248303e07ea7aec0082a972a702a92c5714e071976e 481472 libcurl4-nss-dev_7.88.1-10+deb12u9_arm64.deb ba8d32161a370fc5e54475bb81ea7babb64c0690de22f367e7d24afc67278dfe 475700 libcurl4-openssl-dev_7.88.1-10+deb12u9_arm64.deb afa2a05182dcf30bb5edc4619ccf6e92fd9c0d965be1aa0a395d9b891c532d1c 365848 libcurl4_7.88.1-10+deb12u9_arm64.deb Files: 586cec95b605904008561b1b8ed19082 158080 debug optional curl-dbgsym_7.88.1-10+deb12u9_arm64.deb 5be192ed6a4d4077b9824a2caea02d34 13053 web optional curl_7.88.1-10+deb12u9_arm64-buildd.buildinfo fed38f3fef2154cc54be31378b6fc33c 309148 web optional curl_7.88.1-10+deb12u9_arm64.deb eb76b03541efd7ed87324cd77e2fce98 1012856 debug optional libcurl3-gnutls-dbgsym_7.88.1-10+deb12u9_arm64.deb 40aa2f4afb5bae0d2b3ede3598250758 361352 libs optional libcurl3-gnutls_7.88.1-10+deb12u9_arm64.deb 9cb00d054e5eb6c166704afa096a1f40 1058708 debug optional libcurl3-nss-dbgsym_7.88.1-10+deb12u9_arm64.deb 5feb397d0fe94960a6b836b7a497ffe0 371204 libs optional libcurl3-nss_7.88.1-10+deb12u9_arm64.deb 38aed3873ac28875976d9d4f6e30f3aa 1040144 debug optional libcurl4-dbgsym_7.88.1-10+deb12u9_arm64.deb 6ee0c5adbd71f551ebdc3b34df6b8b1b 471272 libdevel optional libcurl4-gnutls-dev_7.88.1-10+deb12u9_arm64.deb 4bf3f4b8d35a2a58941ca1eac48fff8e 481472 libdevel optional libcurl4-nss-dev_7.88.1-10+deb12u9_arm64.deb 8ac90f7bd61ef5ea65c0d63956018f3b 475700 libdevel optional libcurl4-openssl-dev_7.88.1-10+deb12u9_arm64.deb f6982d04ca402ec9b84bcfbaf00006e6 365848 libs optional libcurl4_7.88.1-10+deb12u9_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVM4SKBZumztS8zr3lST9Us03ywsFAmeVKE0ACgkQlST9Us03 ywuBwBAAmhRlEkrU/che9UJ2MG2lKlqGlLAnxs0Us4q10l1pIdcjpYMn8xkC7jT+ fH65PNwbHy3f6SQckbG+usD7n56/N3mp8szGes4YtKpWQARnojG11wNBapaUeOJ6 V6D58a5K96B02dmzaS3KQS/D72fF5vzXjQI1QCYVnSMX+3FG8fPIlekBJbwFjDZ/ t7H0mgqrJ3TFTDwPZip9wloahmhnXcq4xtrrRijEWreJ4cE9dLu/cEBZOAFRKb2y yqQA+TGH3g2+NjqAMGRF53Z8foTEaVr5tsuVrPFNM1GUPk+FEXz4/2YFBZ0RdEHz B43b11sRfGs3ds1KLWFwnsA/RNuL2pQ/qwKhQkTJBDRiamlQic8KEJXTdW6/M4bn 6tK7JxlX+5Qp3Vo+Kdcke1LUux2Q9CbV8ZjfMO0lXUiaz6cIhjVKgBMwuVBjpP+W HnAEEk2aHK4+1HegEKBh1k//mEjwx73RkM5xNazG9N8dC0vA70oGYFTMl1rkJJBU cFLAiNP8BYHWPhVQD+VitTdBBL6z4A2Cxj+cN+lucWrokA37lEPbr2ITqR27jwct MkkQJrHmWblp84VuE82w9NZqK7oB2pHK2kC9twpwh9a6K4V3BVxvryt5GbyBfZfE oiG5vzC4WamUUBNJISjL0ZISg4OQy1pA+gbtRJY/0aErHgnmR48= =KH0N -----END PGP SIGNATURE-----