-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 02 Jan 2025 21:11:56 -0300 Source: curl Binary: curl curl-dbgsym libcurl3-gnutls libcurl3-gnutls-dbgsym libcurl3-nss libcurl3-nss-dbgsym libcurl4 libcurl4-dbgsym libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev Architecture: armel Version: 7.88.1-10+deb12u9 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-conova-02) Changed-By: Aquila Macedo Costa Description: curl - command line tool for transferring data with URL syntax libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.88.1-10+deb12u9) bookworm; urgency=medium . * Team upload. * Import patches for CVE-2024-9681 - A vulnerability in curl's HSTS handling allows a subdomain’s expiry time to overwrite its parent domain’s cache entry. This can lead to unintended HTTPS upgrades or premature reversion to HTTP when both subdomains and parent domains are used. Affects applications with HSTS enabled, potentially disrupting access when a domain stops supporting HTTPS. * d/patches: - CVE-2024-9681-*.patch: Backport patches. - CVE-2024-9681-1: fix backport inconsistencies - large-time-testable-feature.patch: Import 'large-time' feature for tests - dont-stop-stunnel-before-retry.patch: Import patch to avoid stopping stunnel before retrying Checksums-Sha1: fd22c487701f54ae06d138aa6d650680be0c7f3c 157212 curl-dbgsym_7.88.1-10+deb12u9_armel.deb 858ae2010af7d83f20e16d534c70e9e0935145b7 12924 curl_7.88.1-10+deb12u9_armel-buildd.buildinfo 2d8b7e6f812a4ff7154e04bc8dc8877ab5b6f048 305808 curl_7.88.1-10+deb12u9_armel.deb d2e9b76cd71360f42f1d836933fafefa2d8aacac 988768 libcurl3-gnutls-dbgsym_7.88.1-10+deb12u9_armel.deb 17e8c6226384c89d9902649c0fca28b2619e3e01 342872 libcurl3-gnutls_7.88.1-10+deb12u9_armel.deb 7ac07c22c2e957259434f0f90e27cf0765ddabb8 1035968 libcurl3-nss-dbgsym_7.88.1-10+deb12u9_armel.deb a44229af349a2835764e8743e5a87cae69443e30 349572 libcurl3-nss_7.88.1-10+deb12u9_armel.deb 7bba1c14770075dd44612a89be2b7f18627ec865 1014976 libcurl4-dbgsym_7.88.1-10+deb12u9_armel.deb 7c155b2fafa899e9d3c8b0d7d1a347756f390ace 448540 libcurl4-gnutls-dev_7.88.1-10+deb12u9_armel.deb f2a0e7dd35457ba85d50c75a56f8b6464c16e935 457148 libcurl4-nss-dev_7.88.1-10+deb12u9_armel.deb ba8e1514a96a36bc90126df197a9bc7520b331a9 453532 libcurl4-openssl-dev_7.88.1-10+deb12u9_armel.deb 6205194aa439f416123802536b3692169f8d341b 346512 libcurl4_7.88.1-10+deb12u9_armel.deb Checksums-Sha256: 23fcadf04f3f7fca38e96c69111fc1ef54381981e1d56dbd6ce19121ea99ffa2 157212 curl-dbgsym_7.88.1-10+deb12u9_armel.deb fb0b3a51498516440ab11e806d87a79c45c877c12676e32de4ea3e9b279a9714 12924 curl_7.88.1-10+deb12u9_armel-buildd.buildinfo 3d1fb12f171849a132989dee3dacfb0c0832185f83b9352ace616b1b57696023 305808 curl_7.88.1-10+deb12u9_armel.deb 88eff1fb3672561bab4928a71bb00040d3c1f0f043ad8b07ffe42d6317ae801e 988768 libcurl3-gnutls-dbgsym_7.88.1-10+deb12u9_armel.deb c61728a7fcc49a39e254eab94198ceff192ca698a1c669c6ad3d3261bcb1eb96 342872 libcurl3-gnutls_7.88.1-10+deb12u9_armel.deb dc6b0446a414467ccae4d30865b80d3bf3c71f39391977c53fd1ddbf1cdf3245 1035968 libcurl3-nss-dbgsym_7.88.1-10+deb12u9_armel.deb 64ece6d3e296c73094d4bfa28038d42fb8299b65926fa02310beb4691da3766e 349572 libcurl3-nss_7.88.1-10+deb12u9_armel.deb d0bea0e3ece4501adec86c414b8947c189d996737acc95822888e84c8ddae7d5 1014976 libcurl4-dbgsym_7.88.1-10+deb12u9_armel.deb 6fee1068af4dc912beb5d6829b0dd24be092eac32da6646016120899a363fc64 448540 libcurl4-gnutls-dev_7.88.1-10+deb12u9_armel.deb 8504d260bd1ab6424bfac598be9063a96d14ae0f69397a604cf1df499a76014f 457148 libcurl4-nss-dev_7.88.1-10+deb12u9_armel.deb f1e5d4405934b7a5ed7fb87ff1b490c1204d595a74983c69f41420f8030aa4a9 453532 libcurl4-openssl-dev_7.88.1-10+deb12u9_armel.deb 7a065d6de3f0c33c38e433daeb91f9456de6a58c2e20e01943e0a759824522a8 346512 libcurl4_7.88.1-10+deb12u9_armel.deb Files: 0d7e8015b15644a63eae5e8b16577fde 157212 debug optional curl-dbgsym_7.88.1-10+deb12u9_armel.deb 2caebb063cee7d64a4fce003010a5321 12924 web optional curl_7.88.1-10+deb12u9_armel-buildd.buildinfo a69f59851279c5e6caf50bc0aa5e40b1 305808 web optional curl_7.88.1-10+deb12u9_armel.deb fae4e9ab740f3d02930d9ec240d46428 988768 debug optional libcurl3-gnutls-dbgsym_7.88.1-10+deb12u9_armel.deb b981d4ccc4748980761fca93ac6a85f3 342872 libs optional libcurl3-gnutls_7.88.1-10+deb12u9_armel.deb 8354ad4a284849f847d733a0a352f471 1035968 debug optional libcurl3-nss-dbgsym_7.88.1-10+deb12u9_armel.deb 7f408c6af574517fd5ea017bf0ac0086 349572 libs optional libcurl3-nss_7.88.1-10+deb12u9_armel.deb 3974fecde5e9a12011b47f23a55774e0 1014976 debug optional libcurl4-dbgsym_7.88.1-10+deb12u9_armel.deb 33ca2c12087ff7ce4553a76ad86b0473 448540 libdevel optional libcurl4-gnutls-dev_7.88.1-10+deb12u9_armel.deb 09ba04c0c7025cb9cf08819f26f6cb34 457148 libdevel optional libcurl4-nss-dev_7.88.1-10+deb12u9_armel.deb f44fbf89135864d83802a64d43341037 453532 libdevel optional libcurl4-openssl-dev_7.88.1-10+deb12u9_armel.deb 0e6b318db6b115f4f176cdaf8aa9e1c7 346512 libs optional libcurl4_7.88.1-10+deb12u9_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEKAzExpjGvTI78ZO8LARVyvnD3xkFAmeVKVMACgkQLARVyvnD 3xmM6hAAxdASoBYlD1AU/0U1UEVCP+r4EIkZha7VS0qvZclKWjsQvcT3v0mYT3T6 nu2/DwEiD1vPeqVGPIZ6zqZPJtoTgcScxwr07rWQY9PFHX7r2MrUh36nEd/DvtoW dlB34zMPj0LZzrBWbz5q0p2r7Awg2Zf6iuYhyfvyIkBgI0pNV2M93bF+fNrbY3YC Dz3goMRdbCAcDJjldneMd6pH6vBssaW/HonojxNo5qsOHfH7PzIycZCjw0KnLCot M465ayYTLijhNGfDh7NqWqold49es344ptx4T3F1uvKIxapydK16iGgM8qN4zFrd Uvi0DO4QM3MgV9qPr6S0v5EIurEoNxk8v83qKCmoTtgt7eE5jjaJLMHGRipdcApK XkRQFrJoEep6zrsq+qPMHT5vPfe16DKO4ZitPAn0pzmongOlD3SagXXfKUQqKRbh I0pjOVbfx3wg0BwwALTxnVjfWk7rzeCv4R7Vxq84/NzUr9727vtkWXccrkClOSpJ 8+bjXRypp82f01MjMQlAldBjOKOfbwiqdcK/56skxDn2EhAI+y+LxnUJJQehennM ekFI43/kiS59BBWL/WndPuy2rllfcKk0N1JiE0nifXYsIxOwagRk6upSboS3ATuX tznvcFFxH6LCC7NmyKY7bhO0nH2Pg81xt84oPwqlSCgY7lnAuRg= =l0iO -----END PGP SIGNATURE-----