Your message dated Mon, 11 Feb 2013 14:48:19 +0000 with message-id <e1u4ug7-0002y1...@franck.debian.org> and subject line Bug#700002: fixed in curl 7.29.0-1 has caused the Debian Bug report #700002, regarding curl: CVE-2013-0249 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 700002: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700002 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: curl Severity: grave Tags: security Justification: user security hole http://curl.haxx.se/docs/adv_20130206.html Remember we're in freeze, so please upload only the minimal security fix. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: curl Source-Version: 7.29.0-1 We believe that the bug you reported is fixed in the latest version of curl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 700...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alessandro Ghedini <gh...@debian.org> (supplier of updated curl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 11 Feb 2013 14:48:03 +0100 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg Architecture: source amd64 Version: 7.29.0-1 Distribution: unstable Urgency: high Maintainer: Alessandro Ghedini <gh...@debian.org> Changed-By: Alessandro Ghedini <gh...@debian.org> Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Closes: 700002 Changes: curl (7.29.0-1) unstable; urgency=high . * New upstream release - Fix buffer overflow when negotiating SASL DIGEST-MD5 authentication as per CVE-2013-0249 (Closes: #700002) http://curl.haxx.se/docs/adv_20130206.html - Set urgency=high accordingly * Install all the examples * Update 90_gnutls.patch and 99_nss.patch * Refresh patches * Correctly pass CPPFLAGS to ./configure * Upload to unstable Checksums-Sha1: 16f2e1b240b4dc8e1fafed70ebc68d050cf6bc23 2507 curl_7.29.0-1.dsc 6f5fd02bd9db83d5a1e2f52c8fa3566a60eda4f1 3260535 curl_7.29.0.orig.tar.gz af75eb715fb641e338eeaa6464d6b2a8f84c4f43 30838 curl_7.29.0-1.debian.tar.gz 92b29250e4034a2712bba9fa85a93d9e05823406 281992 curl_7.29.0-1_amd64.deb 36ee3149ed673560ca6509d66311a5c767426dcc 333804 libcurl3_7.29.0-1_amd64.deb 976a607ef095052eeac31156dde5eefcefc5f90c 325306 libcurl3-gnutls_7.29.0-1_amd64.deb 742c7fb492324ef925de11ac991100691b5adab1 331552 libcurl3-nss_7.29.0-1_amd64.deb dc0c74dac3cc98bf86902de570b3fa59b6d82964 1358788 libcurl4-openssl-dev_7.29.0-1_amd64.deb 610f112f02cc0fefbce7299f1d0168a11e271709 1346474 libcurl4-gnutls-dev_7.29.0-1_amd64.deb beba1d50c50a63a32595bb5a60167a2fca3cfbf6 1353002 libcurl4-nss-dev_7.29.0-1_amd64.deb 4932be0cf374ec4d197df6ee04bba99b28aa6784 3465662 libcurl3-dbg_7.29.0-1_amd64.deb Checksums-Sha256: a7ca42cc2f005c35da90f068f06799a966bc2b5f8a6529bb5aa1ba8f683a09b4 2507 curl_7.29.0-1.dsc 67dc5b952ac489191b62dbe95b18d336b821649f61404a280186c72e8cd0b9d6 3260535 curl_7.29.0.orig.tar.gz 2e774616fa0b678bff17100dea3ba5ca6cfd7620be7a37889bcda59b2b0b26b9 30838 curl_7.29.0-1.debian.tar.gz 30fa98626839e7eb905122ddea68cee60b749770292b69701388c43c86fe2a3f 281992 curl_7.29.0-1_amd64.deb f5af515f5a290dd5d6373f029657ddc507f777d381f6bd8fd4def084047a5074 333804 libcurl3_7.29.0-1_amd64.deb 8ff2bcdeeb4c010af663af61561fbaa87c47282cc8e5180eb20c0d2abe42e187 325306 libcurl3-gnutls_7.29.0-1_amd64.deb f674a19656edaedc6da71fad394a75be46ea2d3817b28875a8dd1752aba562e5 331552 libcurl3-nss_7.29.0-1_amd64.deb 6bafdabfa03c40b30b619d70dfc0a054b51b13922c2fda28d87d9aed5d1c839a 1358788 libcurl4-openssl-dev_7.29.0-1_amd64.deb 856e20a9800858d14bd512053a289fe6bb7b5b29fa2bf6c4d904c75b4d4bbebd 1346474 libcurl4-gnutls-dev_7.29.0-1_amd64.deb fed5dc9a6fccd8610f564abb76f5761479e7549230a2f781fb66d8d4e72f8f44 1353002 libcurl4-nss-dev_7.29.0-1_amd64.deb f67c3e443df636f215f9f84ef454e7037917faf2528dcb4a16f9e61c618ffcee 3465662 libcurl3-dbg_7.29.0-1_amd64.deb Files: 765a5d5632fc22eae4ec6389c2d5e79a 2507 web optional curl_7.29.0-1.dsc 4f57d3b4a3963038bd5e04dbff385390 3260535 web optional curl_7.29.0.orig.tar.gz 92573ea1fd611afb48f61a34c669028c 30838 web optional curl_7.29.0-1.debian.tar.gz 2fb712c1e8518e8587154552f458546f 281992 web optional curl_7.29.0-1_amd64.deb 940c5137ffb5838d33bbe83c3a34f7c9 333804 libs optional libcurl3_7.29.0-1_amd64.deb 6a02284e483634f7655b8305558939fa 325306 libs optional libcurl3-gnutls_7.29.0-1_amd64.deb 8fbc7a50b161c0a55e72f5c9c08a27cc 331552 libs optional libcurl3-nss_7.29.0-1_amd64.deb 3b35db53e0d836235eff48fbb14da252 1358788 libdevel optional libcurl4-openssl-dev_7.29.0-1_amd64.deb 7f7fcc59ca0e2a4f81372c2225283ca3 1346474 libdevel optional libcurl4-gnutls-dev_7.29.0-1_amd64.deb 58e631f043a09e8ece878b15cb213060 1353002 libdevel optional libcurl4-nss-dev_7.29.0-1_amd64.deb 55d7f8cee133aef4f66904f88505d381 3465662 debug extra libcurl3-dbg_7.29.0-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJRGP4RAAoJEK+lG9bN5XPLNwYQAJ3FZtjt+pKXrCOSjuMJ9EcG Jc2mZo50bevccBzBfw0mGvMw5H9oPkjY73Kg3ZOJNj/A0saZgJ2CL5/fD7OqjFJ9 UTP9wm7Y+lY8dX/HducVso9EFJvl032PbeQJeVK0/ItNLamkjt1pHRoupEjkY5Ei MiGyNbFc6grMlNjaxrQmUwWHrcIaqXtqWa16/OB5kBaVGiqAKZ3StnTZS0yvaxmP w8YjefS5YEqz69ydejCw35hESVDceTRiWjXuItFQqrMldbi23dm9eK2h72CxtcIX zDZCjjF//QpaM2uJ5x1r3g03c2/AqFDP1Rr7WIDf4Tr8hcBOvVu+wfLHI4AZj8ky MYvdptGAr3kVsGqgvtb21DtycHZwZn8rwNvFb87404EeaqquoWgwXXz8r00viDGE SIycBHAPvBRn9Tkl9qgOLpq6h2gGBdOcfqh2fTQBWpyZarY/c/kTVHhZVQv3QKGy Tcol5iimIP2409IiSUxCAFPV4Wn9hEQy13I8nfuyH9q/6U0xYg3zPx+IPSYMaIRw XDlOMp6vhUOW52q3ilDTyBdFljsJxLoNj5fOgpKPh1UMlcaWkb/ejjoKK0iksL87 86s/GEGjjfLVmNdzopszS6fVahwSNoPXkTd2Ke7it3ryz9IbD89F88vWh8JGG+lV MIrJmDcA5TtVecG4XWgs =BdQu -----END PGP SIGNATURE-----
--- End Message ---
