From: Raspbian automatic forward porter Date: Thu, 4 Jul 2024 17:24:53 +0000 (+0100) Subject: Merge version 7.88.1-10+rpi1+deb12u5 and 7.88.1-10+deb12u6 to produce 7.88.1-10+rpi1... X-Git-Tag: archive/raspbian/7.88.1-10+rpi1+deb12u6^0 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=81545521231608b807378fba33976b5dc7ca2a7e;p=curl.git Merge version 7.88.1-10+rpi1+deb12u5 and 7.88.1-10+deb12u6 to produce 7.88.1-10+rpi1+deb12u6 --- 81545521231608b807378fba33976b5dc7ca2a7e diff --cc debian/changelog index aae31a32,d938525b..ebe709b4 --- a/debian/changelog +++ b/debian/changelog @@@ -1,9 -1,26 +1,33 @@@ - curl (7.88.1-10+rpi1+deb12u5) bookworm-staging; urgency=medium ++curl (7.88.1-10+rpi1+deb12u6) bookworm-staging; urgency=medium + + [changes brought forward from 7.88.1-9+rpi1 by Peter Michael Green at Sat, 20 May 2023 09:55:44 +0000] + * Disable testsuite. + - -- Raspbian forward porter Sun, 24 Dec 2023 08:58:12 +0000 ++ -- Raspbian forward porter Thu, 04 Jul 2024 17:24:52 +0000 ++ + curl (7.88.1-10+deb12u6) bookworm; urgency=medium + + * Team upload. + + [ Sergio Durigan Junior ] + * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch: + (Closes: #1053643) + + [ Guilherme Puida Moreira ] + * Add patches to fix CVE-2024-2004 and CVE-2024-2398. + - CVE-2024-2004: When a protocol selection parameter disables all + protocols without adding any then the default set of protocols would + remain in the allowed set due to an error in the logic for removing + protocols. + - CVE-2024-2398: When an application tells libcurl it wants to allow + HTTP/2 server push and the amount of received headers for the push + surpasses the maximum allowed limit (1000), libcurl aborts the server + push and leaks the memory allocated for the previously allocated + headers. + * d/p/openldap-create-ldap-URLs-correctly-for-IPv6-addresses.patch: + Refresh patch. + + -- Guilherme Puida Moreira Tue, 02 Apr 2024 20:02:10 -0300 curl (7.88.1-10+deb12u5) bookworm-security; urgency=high