Bug#631615: marked as done (CVE-2011-2192: libcurl inappropriate GSSAPI delegation)

[Debian Bug Tracking System]

Your message dated Sat, 25 Jun 2011 19:32:20 +0000
with message-id <e1qayaa-0000g2...@franck.debian.org>
and subject line Bug#631615: fixed in curl 7.21.6-2
has caused the Debian Bug report #631615,
regarding CVE-2011-2192: libcurl inappropriate GSSAPI delegation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
631615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631615
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: curl
Version: 7.21.6-1
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Please see http://curl.haxx.se/docs/adv_20110623.html

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4F07cACgkQNxpp46476aqlfwCeP8tSFJPpNkME0Jr4snwc00Um
4dsAnRIq4WskZHnxV1JBmEAmyWonbVMy
=jc5G
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Source: curl
Source-Version: 7.21.6-2

We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive:

curl_7.21.6-2.debian.tar.gz
  to main/c/curl/curl_7.21.6-2.debian.tar.gz
curl_7.21.6-2.dsc
  to main/c/curl/curl_7.21.6-2.dsc
curl_7.21.6-2_amd64.deb
  to main/c/curl/curl_7.21.6-2_amd64.deb
libcurl3-dbg_7.21.6-2_amd64.deb
  to main/c/curl/libcurl3-dbg_7.21.6-2_amd64.deb
libcurl3-gnutls_7.21.6-2_amd64.deb
  to main/c/curl/libcurl3-gnutls_7.21.6-2_amd64.deb
libcurl3-nss_7.21.6-2_amd64.deb
  to main/c/curl/libcurl3-nss_7.21.6-2_amd64.deb
libcurl3_7.21.6-2_amd64.deb
  to main/c/curl/libcurl3_7.21.6-2_amd64.deb
libcurl4-gnutls-dev_7.21.6-2_amd64.deb
  to main/c/curl/libcurl4-gnutls-dev_7.21.6-2_amd64.deb
libcurl4-nss-dev_7.21.6-2_amd64.deb
  to main/c/curl/libcurl4-nss-dev_7.21.6-2_amd64.deb
libcurl4-openssl-dev_7.21.6-2_amd64.deb
  to main/c/curl/libcurl4-openssl-dev_7.21.6-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 631...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ramakrishnan Muthukrishnan <rkrish...@debian.org> (supplier of updated curl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 25 Jun 2011 23:37:04 +0530
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev 
libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg
Architecture: source amd64
Version: 7.21.6-2
Distribution: unstable
Urgency: high
Maintainer: Ramakrishnan Muthukrishnan <rkrish...@debian.org>
Changed-By: Ramakrishnan Muthukrishnan <rkrish...@debian.org>
Description: 
 curl       - Get a file from an HTTP, HTTPS or FTP server
 libcurl3   - Multi-protocol file transfer library (OpenSSL)
 libcurl3-dbg - libcurl compiled with debug symbols
 libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS)
 libcurl3-nss - Multi-protocol file transfer library (NSS)
 libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS)
 libcurl4-nss-dev - Development files and documentation for libcurl (NSS)
 libcurl4-openssl-dev - Development files and documentation for libcurl 
(OpenSSL)
Closes: 631615
Changes: 
 curl (7.21.6-2) unstable; urgency=high
 .
   * Fix for the inappropriate GSSAPI delegation vulnerability (CVE-2011-2192).
     (closes: #631615)
Checksums-Sha1: 
 c36c50468d06d3ba2112df5ec97fdcb3ef990a8d 1530 curl_7.21.6-2.dsc
 c7e04fd65495e43d140f7d1361e2c716b3a12e04 95370 curl_7.21.6-2.debian.tar.gz
 4ab35502bbe63b96bbccac3dcc57f4f736a9a217 258288 curl_7.21.6-2_amd64.deb
 b1c7c10e2812c17a4a0bfafda39402c0a9c0b8fd 317950 libcurl3_7.21.6-2_amd64.deb
 90fcb893c10f075132bd04e9917e27093740ca05 298934 
libcurl3-gnutls_7.21.6-2_amd64.deb
 b9040d557cbcdfee64480eaba61fee8a675d45d7 305576 libcurl3-nss_7.21.6-2_amd64.deb
 1d88461bd274f5aefb04c00ad91e53f7902e8b9e 1195940 
libcurl4-openssl-dev_7.21.6-2_amd64.deb
 07bdb12853ced1b0c2afc47a22282ca1c8e80b1c 1172274 
libcurl4-gnutls-dev_7.21.6-2_amd64.deb
 41c635e6d8b463c28a9ab13442e326b6c79c0f1c 1178844 
libcurl4-nss-dev_7.21.6-2_amd64.deb
 82c689579687fc38a5d9d37bbbde3e2b8802d6ad 145916 libcurl3-dbg_7.21.6-2_amd64.deb
Checksums-Sha256: 
 1414787c0dbebd2ea809a8aed8a0886a75b53d9a7c6304f379ac23daf1aab1ba 1530 
curl_7.21.6-2.dsc
 0c67c6a666c980b386b5838ed26343eada86fa695ec6b6de5d1f870015ea593b 95370 
curl_7.21.6-2.debian.tar.gz
 e1088ec27d7b01480e61922ec924c36fff7010c819c7f4afe30ee8fd97d6dfae 258288 
curl_7.21.6-2_amd64.deb
 7633de010676fba061d15e8a36ab9b61b64e2c12ab5129d044409d73817bedad 317950 
libcurl3_7.21.6-2_amd64.deb
 82bf56b512d87bbaa7b5bca75ff656601394c5ed8fe52c75cd7acbbe6c05098f 298934 
libcurl3-gnutls_7.21.6-2_amd64.deb
 7744b3095b631f87eff8a446227ef3c816aced73f0c082fdbb7813dbdcd8fcc2 305576 
libcurl3-nss_7.21.6-2_amd64.deb
 f86c27ff7d8ca1834265876a9287685f804062dcc630a0ea79c72847f0c01633 1195940 
libcurl4-openssl-dev_7.21.6-2_amd64.deb
 9d3fc0f66e8b3b84a823f86afecc6d9ecf90b905875612163609825117d062ea 1172274 
libcurl4-gnutls-dev_7.21.6-2_amd64.deb
 c62133f13c33cf3d85708dc99331855d2044b3d59d7719b4383af707b87a2628 1178844 
libcurl4-nss-dev_7.21.6-2_amd64.deb
 e549b35677e15765c1ac35adfc84e5eeaf02b7a4fb99656c2277cfe925e7f13a 145916 
libcurl3-dbg_7.21.6-2_amd64.deb
Files: 
 58d34be0948193309548bed8933c9750 1530 web optional curl_7.21.6-2.dsc
 87e62d6e82c1de594691ae0854db64f1 95370 web optional curl_7.21.6-2.debian.tar.gz
 1deb1cde27dd6096db9207328d7fc00c 258288 web optional curl_7.21.6-2_amd64.deb
 520117637d3f51393b12d7a914c4569c 317950 libs optional 
libcurl3_7.21.6-2_amd64.deb
 e64d65f7de42aaa5d2aa6bf3371c04a4 298934 libs optional 
libcurl3-gnutls_7.21.6-2_amd64.deb
 13b4ca8f7025803202e39a3b97abd3d3 305576 libs optional 
libcurl3-nss_7.21.6-2_amd64.deb
 670701f5d2ad562fa5d9ad1aa3a234e6 1195940 libdevel optional 
libcurl4-openssl-dev_7.21.6-2_amd64.deb
 93b696757f30b5fa453928b5ecc7ec72 1172274 libdevel optional 
libcurl4-gnutls-dev_7.21.6-2_amd64.deb
 56d6f42b27351f85067547c71427bfb7 1178844 libdevel optional 
libcurl4-nss-dev_7.21.6-2_amd64.deb
 70acc289dff7e0ace16c4fa13c95665f 145916 debug extra 
libcurl3-dbg_7.21.6-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4GNC0ACgkQFyn1hmqfPDiBHACgnxudflcJnyl+cCAJGrFQN173
egwAoKxxP29i2aEAGywwHHZ9LaxEMt/6
=TNcD
-----END PGP SIGNATURE-----

--- End Message ---