-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 16 Nov 2013 13:04:23 +0100 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg Architecture: i386 Version: 7.26.0-1+wheezy5 Distribution: wheezy-security Urgency: high Maintainer: amd64 / i386 Build Daemon (brahms) Changed-By: Alessandro Ghedini Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.26.0-1+wheezy5) stable-security; urgency=high . * Fix OpenSSL checking of a certificate CN or SAN name field when the digital signature verification is turned off as per CVE-2013-4545 http://curl.haxx.se/docs/adv_20131115.html * Set urgency=high accordingly Checksums-Sha1: 0356e22b0fb9272ae755b337e212afe44d72c867 269614 curl_7.26.0-1+wheezy5_i386.deb 96982fedec349b7238287c30b796bfd7c24c9b26 336448 libcurl3_7.26.0-1+wheezy5_i386.deb 65e99b4827c13dab15748b2b08572cc5ca5b88db 327420 libcurl3-gnutls_7.26.0-1+wheezy5_i386.deb 78585d4c5b2559647af1d9df3f8c6cd885bd8272 333568 libcurl3-nss_7.26.0-1+wheezy5_i386.deb 7fac0ff8d5d3fd6e97c479de325c82edb48c49c4 1240580 libcurl4-openssl-dev_7.26.0-1+wheezy5_i386.deb 98a10269920852d3b96e5b209f55dc73f4b4bb08 1230886 libcurl4-gnutls-dev_7.26.0-1+wheezy5_i386.deb e72b967e15624fb114d9c94d249f47111ce3330f 1237212 libcurl4-nss-dev_7.26.0-1+wheezy5_i386.deb ccf7c57875a61c699e8719308321c1aca9d6ab13 3216246 libcurl3-dbg_7.26.0-1+wheezy5_i386.deb Checksums-Sha256: df275be8216338564ec989fd4545bdfd433ff7cc41fac202a704e060e3ef812d 269614 curl_7.26.0-1+wheezy5_i386.deb 03dd101e799f4966321733fd9ccd6ca27640b360df562f11db3350db0138f9f8 336448 libcurl3_7.26.0-1+wheezy5_i386.deb 0f5527f548e021fbc559d11703de84dcdbf8b7b7df642272b2d256392e0fb99e 327420 libcurl3-gnutls_7.26.0-1+wheezy5_i386.deb fd19cafad6120c7acd9477f6262ba3a9061b9369291cd6870aad2c90a3dd0e15 333568 libcurl3-nss_7.26.0-1+wheezy5_i386.deb 6d7d13069f3987270fbcea7d5a8a5365458e35a5108e14d1eafd5d86cf2f6ff4 1240580 libcurl4-openssl-dev_7.26.0-1+wheezy5_i386.deb 0d3a5d6156da8d954ab77c31d538a286c5c9573a21f06ab36575d332719d4f8c 1230886 libcurl4-gnutls-dev_7.26.0-1+wheezy5_i386.deb 501a46c6a8bddf16d88289adb885c982255620ba091038d4b7417eb053a9af35 1237212 libcurl4-nss-dev_7.26.0-1+wheezy5_i386.deb a710a809fafb87c7d6fd6984020cc6e428f1d045778649729efe27c22619bf3f 3216246 libcurl3-dbg_7.26.0-1+wheezy5_i386.deb Files: 90724b805822f8247945b7ea135c4e68 269614 web optional curl_7.26.0-1+wheezy5_i386.deb afa8c4934c599943dfa9bd1c42185b4d 336448 libs optional libcurl3_7.26.0-1+wheezy5_i386.deb 228f0087c62f604e8c99a0544600e4d8 327420 libs optional libcurl3-gnutls_7.26.0-1+wheezy5_i386.deb 5fb75f45004b5bf055fc73ed61e45789 333568 libs optional libcurl3-nss_7.26.0-1+wheezy5_i386.deb 0474aa41f83762583b63f74a0504a4f5 1240580 libdevel optional libcurl4-openssl-dev_7.26.0-1+wheezy5_i386.deb b9c688bcc1be53910a3cf0fa9f24024e 1230886 libdevel optional libcurl4-gnutls-dev_7.26.0-1+wheezy5_i386.deb 74229f871f2348ee08a2ba9ab07b7430 1237212 libdevel optional libcurl4-nss-dev_7.26.0-1+wheezy5_i386.deb 33781d2e9480efa91144af0edc83c236 3216246 debug extra libcurl3-dbg_7.26.0-1+wheezy5_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJSiMqUAAoJEK1hQZE4PeNy7NQP/jNDogmHoPI8s24MjUKXLhEk SVRixQ843UPWf0CD9y5zmnLDspG3umYKMuav7Zy8fWtuZhKFdiwteI7Gfu14yl+/ nzjK8FgKmjTVIV2Ibr5E79PtzNCOS5r2J/RIBBjCI+KxlrkepMzpcNcvrK6LUspt Xcl235UJVvqmbAJRQmZpil57JJwlb91lWwxtv8B8Doq1b+CCHUH66AW+b4c/NqfZ 7fpR/8Ph/NP6YEp60O5tmMAYJmD8V8R0YhsyIx5uU9oWvscFn58bF0ee/b+Pdr/r aptBlUMh7Tajc8nQvFn1R+lZMpzegq4r248m5yMDTdAxxBXuVRcGLpTglcDTsj8L 8EK6gnp9EHLL8Gi3ybaVoC5FpgJbQWUDDnS2/N/61vjZt0Ua+osRF1cDXUgE1ETQ XZH/oHiM8Dtj+fKuE7oltfvfP8sZYnpqETg4DSNHC0VeHshRoHbpBb77kxNMUykV n7Y0iA0B9lQmJjFyVpHs+kzerxkCmaWx2kHGsFXmIAND/FNdgOYk+3zZmg1M3H4I 927cSlTYMvBFza+RjP4ydk7pxgdjJ5tdxXh7p/DPDAzz/IBWdp7MMDvPTLqc+2qh JWvhH1IIe/CCffKxZmL3IVgZEQHRdrbopCqj+YCl9zDCKXPVRQen4Yv7nTQ5/J5b IuKqf2g/qz36isY1FotC =CFa1 -----END PGP SIGNATURE-----