-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 02 Jan 2025 21:11:56 -0300 Source: curl Architecture: source Version: 7.88.1-10+deb12u9 Distribution: bookworm Urgency: medium Maintainer: Alessandro Ghedini Changed-By: Aquila Macedo Costa Changes: curl (7.88.1-10+deb12u9) bookworm; urgency=medium . * Team upload. * Import patches for CVE-2024-9681 - A vulnerability in curl's HSTS handling allows a subdomain’s expiry time to overwrite its parent domain’s cache entry. This can lead to unintended HTTPS upgrades or premature reversion to HTTP when both subdomains and parent domains are used. Affects applications with HSTS enabled, potentially disrupting access when a domain stops supporting HTTPS. * d/patches: - CVE-2024-9681-*.patch: Backport patches. - CVE-2024-9681-1: fix backport inconsistencies - large-time-testable-feature.patch: Import 'large-time' feature for tests - dont-stop-stunnel-before-retry.patch: Import patch to avoid stopping stunnel before retrying Checksums-Sha1: 21b132c3339205c0ae0a44c08bbb324fe4cb6f1a 3252 curl_7.88.1-10+deb12u9.dsc c5dc248adaa20a2c9fc12b85a940287600a25022 75096 curl_7.88.1-10+deb12u9.debian.tar.xz 562168044eee17c0c34f9daa1e1718ffec6595c3 13765 curl_7.88.1-10+deb12u9_amd64.buildinfo Checksums-Sha256: a15a68462b6281c735bf90836b40236c2b099f7b25076e50e90da475e3df01ce 3252 curl_7.88.1-10+deb12u9.dsc ccede6ffd699ad1f3a9d8cf889ca3d31ae226213e273f0e0d4bde0f6eeaaf35f 75096 curl_7.88.1-10+deb12u9.debian.tar.xz f44ad0f3a56611a4f3ab343bd7397e69482317a72e02bd3bfa3ed8c1ec84139c 13765 curl_7.88.1-10+deb12u9_amd64.buildinfo Files: e24bf1c8162517790075c8cd1aa8a705 3252 web optional curl_7.88.1-10+deb12u9.dsc b4475dd44fea2f7be1f157f2fec07372 75096 web optional curl_7.88.1-10+deb12u9.debian.tar.xz d003a9d1a63496a8680b11f63cd44e08 13765 web optional curl_7.88.1-10+deb12u9_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmeNipIACgkQu6n6rcz7 Rwcrtg//Yp7TBntqcOzLvAz0E8uUoepqbHvzwDx/hRjAx/3ySIcXrbCNfRpR/9/G Ia4K1sKXj1GS+pGDHXd0FNeZvvUUOCj+kVPtabI2JhKnp0VZjg/zsheOwi4zI17W At40qptb5PxizjJrGOUHkvFnaNMrBc0oSFXyY7QNCex33ogtj8235NXu/W/Ppi44 nU2iydzVlj3hzBOaOHZ9gqSDrtk82ue+kiZUolTpkMaHs2C+14V0EdvRBFTh9Nvv DvMJQiJ9ZDvidcF2JIcrXX7PLGu4pA0hDvbrfypyPuJVAcZoneR7Hl73cffXBzvc o6Uux4d/t0r2xJ8nG936wacDqS9OXQuBwY2bskWZLPb3somH3ndblFEvjHoLKcui 1zqd1io1pDF3o2AR4GOBnCMO5K2CG8Ein0rK0ke++9WYV4+/SZAxEnTaLVAhMIcF k8nGJyLV7D3ZahstQcm/IugpMA3wXnRqmFY2sQhWCQazMz0Awkmd9eoDOS0qhok3 nS459iQZWxPKE5gBroRUwAgSgUQZmVToaeoRIglYT8ht1/lVCzWlvWnKbWw9y17S dJo9ILTjftwvYjVyN5KR7qFJhZRM6oVjngo1osm3pwID58cL47cvk7IJ6eD7nTO7 VCRnOXM6yvjm9pZMzRFaUchg8V14vGNPj7+mMNy/rwQ5zi4dBYs= =BAAg -----END PGP SIGNATURE-----