- curl (7.88.1-10+rpi1+deb12u5) bookworm-staging; urgency=medium
++curl (7.88.1-10+rpi1+deb12u6) bookworm-staging; urgency=medium
+
+ [changes brought forward from 7.88.1-9+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sat, 20 May 2023 09:55:44 +0000]
+ * Disable testsuite.
+
- -- Raspbian forward porter <root@raspbian.org> Sun, 24 Dec 2023 08:58:12 +0000
++ -- Raspbian forward porter <root@raspbian.org> Thu, 04 Jul 2024 17:24:52 +0000
++
+ curl (7.88.1-10+deb12u6) bookworm; urgency=medium
+
+ * Team upload.
+
+ [ Sergio Durigan Junior ]
+ * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch:
+ (Closes: #1053643)
+
+ [ Guilherme Puida Moreira ]
+ * Add patches to fix CVE-2024-2004 and CVE-2024-2398.
+ - CVE-2024-2004: When a protocol selection parameter disables all
+ protocols without adding any then the default set of protocols would
+ remain in the allowed set due to an error in the logic for removing
+ protocols.
+ - CVE-2024-2398: When an application tells libcurl it wants to allow
+ HTTP/2 server push and the amount of received headers for the push
+ surpasses the maximum allowed limit (1000), libcurl aborts the server
+ push and leaks the memory allocated for the previously allocated
+ headers.
+ * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch:
+ Refresh patch.
+
+ -- Guilherme Puida Moreira <guilherme@puida.xyz> Tue, 02 Apr 2024 20:02:10 -0300
curl (7.88.1-10+deb12u5) bookworm-security; urgency=high
projects / curl.git / commitdiff