-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 02 Jan 2025 21:11:56 -0300 Source: curl Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: i386 Version: 7.88.1-10+deb12u9 Distribution: bookworm Urgency: medium Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Aquila Macedo Costa Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.88.1-10+deb12u9) bookworm; urgency=medium . * Team upload. * Import patches for CVE-2024-9681 - A vulnerability in curl's HSTS handling allows a subdomain’s expiry time to overwrite its parent domain’s cache entry. This can lead to unintended HTTPS upgrades or premature reversion to HTTP when both subdomains and parent domains are used. Affects applications with HSTS enabled, potentially disrupting access when a domain stops supporting HTTPS. * d/patches: - CVE-2024-9681-*.patch: Backport patches. - CVE-2024-9681-1: fix backport inconsistencies - large-time-testable-feature.patch: Import 'large-time' feature for tests - dont-stop-stunnel-before-retry.patch: Import patch to avoid stopping stunnel before retrying Checksums-Sha1: 7e9afaaf4fd310b9b080ed201bd71fb596d19393 145072 curl-dbgsym_7.88.1-10+deb12u9_i386.deb ff4e2e3fabdc594a14a106004c4a53f7e8b23a78 12974 curl_7.88.1-10+deb12u9_i386-buildd.buildinfo ca130b7885dcb9c5c32c47f12993d9814dae722c 319472 curl_7.88.1-10+deb12u9_i386.deb 22ecaf05dea091f7111408982e6957fa18dfb279 911268 libcurl3-gnutls-dbgsym_7.88.1-10+deb12u9_i386.deb 86e0f4605d8cc9b7a9e1243f2e81dc9a42e6838e 418684 libcurl3-gnutls_7.88.1-10+deb12u9_i386.deb 0eed27f125df30dc9ed8b7334c44c74863937f0a 953376 libcurl3-nss-dbgsym_7.88.1-10+deb12u9_i386.deb ae2860607ab1c96b775e74e0f1dda13d5e9be53a 426876 libcurl3-nss_7.88.1-10+deb12u9_i386.deb c68b98559c57b6b4df30b24cd127f5c28da1c745 932016 libcurl4-dbgsym_7.88.1-10+deb12u9_i386.deb 1981359ab9069bac00d394df5d18a867996cc4b9 532836 libcurl4-gnutls-dev_7.88.1-10+deb12u9_i386.deb aaeb56bd86a1f767632034dcd4bb5a10c92b57fa 542108 libcurl4-nss-dev_7.88.1-10+deb12u9_i386.deb 448db906d10a9cf84488db8627d6f83994d0648f 539088 libcurl4-openssl-dev_7.88.1-10+deb12u9_i386.deb 9296626f142be93a9164dc301d6cf0f503e86478 425460 libcurl4_7.88.1-10+deb12u9_i386.deb Checksums-Sha256: c213ccbc394ed826139e9727540576e7b756db2e5b3716b400b5c023cbde7ac5 145072 curl-dbgsym_7.88.1-10+deb12u9_i386.deb eb95f7fbcec98f0c9eed9780709cfdc0c5e16a159e54fb9956996d2ce7ac6fc8 12974 curl_7.88.1-10+deb12u9_i386-buildd.buildinfo c27d8bfc53af8b97f7bad714d9bb78ceabe256b5ee034904d772eb81e65ee0c4 319472 curl_7.88.1-10+deb12u9_i386.deb 6c443b4684f72b229826bc8a4f368c06b679bb948bb5382222f95e28189dcb61 911268 libcurl3-gnutls-dbgsym_7.88.1-10+deb12u9_i386.deb 9a80869d077305c02e74664a45971b90e8ea869d6731a3ff533d509a98d34a56 418684 libcurl3-gnutls_7.88.1-10+deb12u9_i386.deb 03e8a999b14ef60185a4063992b73400e6ae5ff2295730019a01632f0a31f6ea 953376 libcurl3-nss-dbgsym_7.88.1-10+deb12u9_i386.deb 4f9f0eb06aef277691d8daa97c325dd1222f0b42ca4554939e640f80fdf63a68 426876 libcurl3-nss_7.88.1-10+deb12u9_i386.deb 3e7c74f14d73e017503fe75dd3a9b643db6d127c940205525c66c5a72c409011 932016 libcurl4-dbgsym_7.88.1-10+deb12u9_i386.deb b595f36c53d6a162a5d5fc818b50dbdb5e04ff6e1e6baaa71336b513aeb4fa7b 532836 libcurl4-gnutls-dev_7.88.1-10+deb12u9_i386.deb 54e150057d31de6f2b18fa29cbaa2161907d714ffe38ba6bd9e2a0eb590055a1 542108 libcurl4-nss-dev_7.88.1-10+deb12u9_i386.deb 652d83125f910c82be281c67b1fcc32ae9f50f942624c012217c9a1ddc56f306 539088 libcurl4-openssl-dev_7.88.1-10+deb12u9_i386.deb 31443b1c4d02d1ac6ecdc1a202b63b1e0c213315cbd9bfb4f4dcb6875b7c3a88 425460 libcurl4_7.88.1-10+deb12u9_i386.deb Files: 21e1fba1532730d73db439da0894e7f2 145072 debug optional curl-dbgsym_7.88.1-10+deb12u9_i386.deb 3ddff966bc4279d51368171d6269e1c6 12974 web optional curl_7.88.1-10+deb12u9_i386-buildd.buildinfo c2e49e3ea21804a88148fe0e494970e1 319472 web optional curl_7.88.1-10+deb12u9_i386.deb 5d0f962cc8b8861b1d6183a06bf10c16 911268 debug optional libcurl3-gnutls-dbgsym_7.88.1-10+deb12u9_i386.deb 047bb3e718ca9930d0b867c704e2cd13 418684 libs optional libcurl3-gnutls_7.88.1-10+deb12u9_i386.deb daa3d9590809ea4b1add05561eff22db 953376 debug optional libcurl3-nss-dbgsym_7.88.1-10+deb12u9_i386.deb 10b9bd05de1f3d8b597bff5d31b35f4e 426876 libs optional libcurl3-nss_7.88.1-10+deb12u9_i386.deb 3f387b2d1825a430ed4d02f8089f049b 932016 debug optional libcurl4-dbgsym_7.88.1-10+deb12u9_i386.deb a1d8149f57e8911c8aed4e1066c81b31 532836 libdevel optional libcurl4-gnutls-dev_7.88.1-10+deb12u9_i386.deb 22a7bbd64f7197b81fef72ff5ea64591 542108 libdevel optional libcurl4-nss-dev_7.88.1-10+deb12u9_i386.deb a271f724e822e46e4e334ffb2d21ec79 539088 libdevel optional libcurl4-openssl-dev_7.88.1-10+deb12u9_i386.deb b01678231c13eac5792714aeb8a11e45 425460 libs optional libcurl4_7.88.1-10+deb12u9_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEyTfXx8sBpQ0Lh3cUU9a0/LcaTpMFAmeVKTcACgkQU9a0/Lca TpNM8w/+Mj1ijXGUpK3a+l+16uSB+1TZm1EY8viu9noPlx81k+nzpypQ0FEsp8EL QcN+pXw9H0SgOVHQ3Ng7l99iVpY/owntkSeWn4kvvdn3hcESEs4RJPhZM92JpHgt 2R/JqFtsyXYlbCegL5dN6Y8dZOpOgETkU32Yv5FyRV/WlHrWqx609jB8w4qXOBn6 wwRVKYtCbJ6HlBpfsGobga89ihFzKrhit8P3nkm4bsPA4/BD2La0SNHZygYeslo7 LYFRr0VrVQqH560qakIN2xmFWw4t94HBFabXZvkQmESLsIBVf0EYIB0Uh8DOFUwO IcexZHdWehdeP0acA0Sk22hZngx8ubAyL/hIBowGfp+2TT/TMOQIs/W5UlwOdy3Y X6pkU2wxei6YeWdpAG42hkP0nfz1NgIlOhv46zL2SgNiFKdLpb1oJfIaKdAwQzTR /ZOKpK7srXQqQhQCzkg50LubcA6tLa8BEVarFEFKgAZw0ucnRBJJQgNVYTP0WbB0 Vl4Dwu+jgw2d4SxGWDR/wvy1m9Fiaym+arLUMVjuqKW8WpRFkFEB5Cg7EhFzYZXF NjroCBKN0Mm0kfhXi1NCY4MpnXRN8wEQod4Su0RZmUZ9WD0beVqH71muJCLagOdB 9xNTCISw7/Ehp7ipLwzK2A5m7r8BKa11ACgFrO5YkawjWX/uEjg= =yPWB -----END PGP SIGNATURE-----