Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Hi release team, Please unblock package curl. To admit the two CVEs are not really at RC severity (and thus were filled only as important severity), but if possible it would be great to start buster with including those two CVE fixes in curl. Alessandro uploaded 7.64.0-4 to unstable containting fixes for the following: +curl (7.64.0-4) unstable; urgency=medium + + * Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351) + https://curl.haxx.se/docs/CVE-2019-5436.html + * Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: #929352) + https://curl.haxx.se/docs/CVE-2019-5435.html + + -- Alessandro Ghedini <gh...@debian.org> Fri, 14 Jun 2019 19:23:32 +0100 Attached is as well the debdiff produced from the version in testing to the one in sid. unblock curl/7.64.0-4 Regards, Salvatore
