Package: libcurl4-openssl-dev
Version: 7.61.0-1
Severity: normal

Dear Maintainer,

I've discovered a timeout handling problem in libcurl.

Reported upstream here:
  https://github.com/curl/curl/issues/3305

Upstream patch here (already merged with master branch):
  https://github.com/curl/curl/commit/34fe0e1622fd87f2945e734787bc29e314d253cc

I think it's planned to be released on December 12th (7.63).

In case 7.63 can't be included in Buster, I think you should consider patching
the existing version.

Upstream fix description:
 curl_easy_perform: fix timeout handling

 curl_multi_wait() was erroneously used from within
 curl_easy_perform(). It could lead to it believing there was no socket
 to wait for and then instead sleep for a while instead of monitoring the
 socket and then miss acting on that activity as swiftly as it should
 (causing an up to 1000 ms delay).

Regards,
