projects / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: 6f0dc41 7dc4f17)
curl (7.88.1-10) unstable; urgency=medium
authorSamuel Henrique <samueloph@debian.org>
Thu, 18 May 2023 22:43:40 +0000 (23:43 +0100)
committerSamuel Henrique <samueloph@debian.org>
Thu, 18 May 2023 22:43:40 +0000 (23:43 +0100)
commit86918d9438c5941272cf452c85873294069708c8
tree6d2ea913ac0367c4cd5d498b9c164f1da9949e66tree | snapshot
parent6f0dc41c18d1799ca7f24898807d967e97d75a9fcommit | diff
parent7dc4f17f135c6b28ff76647825452a9312e8477ccommit | diff
curl (7.88.1-10) unstable; urgency=medium

  * Add new patches to fix CVEs (closes: #1036239):
    - CVE-2023-28319: UAF in SSH sha256 fingerprint check
    - CVE-2023-28320: siglongjmp race condition
    - CVE-2023-28321: IDN wildcard match
    - CVE-2023-28322: more POST-after-PUT confusion
  * d/libcurl*.symbols: Drop curl_jmpenv, not built anymore due to
    CVE-2023-28320

[dgit import unpatched curl 7.88.1-10]
60 files changed:
debian/README.source | | blob
debian/changelog | | blob
debian/control | | blob
debian/copyright | | blob
debian/curl.install | | blob
debian/curl.manpages | | blob
debian/gbp.conf | | blob
debian/libcurl3-gnutls.install | | blob
debian/libcurl3-gnutls.links | | blob
debian/libcurl3-gnutls.lintian-overrides | | blob
debian/libcurl3-gnutls.symbols | | blob
debian/libcurl3-nss.install | | blob
debian/libcurl3-nss.links | | blob
debian/libcurl3-nss.lintian-overrides | | blob
debian/libcurl3-nss.symbols | | blob
debian/libcurl4-doc.docs | | blob
debian/libcurl4-doc.examples | | blob
debian/libcurl4-doc.links | | blob
debian/libcurl4-doc.manpages | | blob
debian/libcurl4-gnutls-dev.install | | blob
debian/libcurl4-gnutls-dev.links | | blob
debian/libcurl4-gnutls-dev.manpages | | blob
debian/libcurl4-nss-dev.install | | blob
debian/libcurl4-nss-dev.links | | blob
debian/libcurl4-nss-dev.manpages | | blob
debian/libcurl4-openssl-dev.install | | blob
debian/libcurl4-openssl-dev.manpages | | blob
debian/libcurl4.install | | blob
debian/libcurl4.symbols | | blob
debian/patches/04_workaround_as_needed_bug.patch | | blob
debian/patches/08_enable-zsh.patch | | blob
debian/patches/11_omit-directories-from-config.patch | | blob
debian/patches/90_gnutls.patch | | blob
debian/patches/99_nss.patch | | blob
debian/patches/CVE-2023-27533.patch | | blob
debian/patches/CVE-2023-27534.patch | | blob
debian/patches/CVE-2023-27535.patch | | blob
debian/patches/CVE-2023-27536.patch | | blob
debian/patches/CVE-2023-27537.patch | | blob
debian/patches/CVE-2023-27538.patch | | blob
debian/patches/CVE-2023-28319.patch | | blob
debian/patches/CVE-2023-28320-1.patch | | blob
debian/patches/CVE-2023-28320.patch | | blob
debian/patches/CVE-2023-28321.patch | | blob
debian/patches/CVE-2023-28322.patch | | blob
debian/patches/Remove-curl-s-LDFLAGS-from-curl-config-static-libs.patch | | blob
debian/patches/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch | | blob
debian/patches/build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch | | blob
debian/patches/fix-unix-domain-socket.patch | | blob
debian/patches/series | | blob
debian/rules | | blob
debian/salsa-ci.yml | | blob
debian/source/format | | blob
debian/tests/control | | blob
debian/tests/upstream-tests-gnutls | | blob
debian/tests/upstream-tests-nss | | blob
debian/tests/upstream-tests-openssl | | blob
debian/upstream/metadata | | blob
debian/upstream/signing-key.asc | | blob
debian/watch | | blob
Unnamed repository; edit this file 'description' to name the repository.