Bug#700002: marked as done (curl: CVE-2013-0249)

[Debian Bug Tracking System]

Your message dated Tue, 12 Feb 2013 11:32:32 +0000
with message-id <e1u5e6c-0001js...@franck.debian.org>
and subject line Bug#700002: fixed in curl 7.26.0-1+wheezy1
has caused the Debian Bug report #700002,
regarding curl: CVE-2013-0249
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
700002: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700002
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: curl
Severity: grave
Tags: security
Justification: user security hole

http://curl.haxx.se/docs/adv_20130206.html

Remember we're in freeze, so please upload only the minimal security fix.

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: curl
Source-Version: 7.26.0-1+wheezy1

We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 700...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alessandro Ghedini <gh...@debian.org> (supplier of updated curl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 10 Feb 2013 19:14:47 +0100
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev 
libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg
Architecture: source amd64
Version: 7.26.0-1+wheezy1
Distribution: testing-proposed-updates
Urgency: high
Maintainer: Alessandro Ghedini <gh...@debian.org>
Changed-By: Alessandro Ghedini <gh...@debian.org>
Description: 
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS 
flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS 
flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl 
(OpenSSL flavour)
Closes: 700002
Changes: 
 curl (7.26.0-1+wheezy1) testing-proposed-updates; urgency=high
 .
   * Fix buffer overflow when negotiating SMTP DIGEST-MD5 authentication
     as per CVE-2013-0249 (Closes: #700002)
     http://curl.haxx.se/docs/adv_20130206.html
   * Set urgency=high accordingly
Checksums-Sha1: 
 8c87692f8fbbccb9a20329708cd3f3c3a4153e18 2531 curl_7.26.0-1+wheezy1.dsc
 83370e7dad0211d002f6fd64ca640885c52aa178 30433 
curl_7.26.0-1+wheezy1.debian.tar.gz
 23eb5b69c620ee2053d901e2d1442b54d98e9137 269708 curl_7.26.0-1+wheezy1_amd64.deb
 949365c8fa3a51e5d4526056e72f57763d7aef68 330666 
libcurl3_7.26.0-1+wheezy1_amd64.deb
 a5de06bd7cf1b9d95d2f6b469a60510b3f36fcd8 321504 
libcurl3-gnutls_7.26.0-1+wheezy1_amd64.deb
 9c719f1cef1be3c0aa398ff5ae46d1e638bbe2f9 328192 
libcurl3-nss_7.26.0-1+wheezy1_amd64.deb
 8d2a20ad3d493b99e0610dac4c8812befc089760 1269944 
libcurl4-openssl-dev_7.26.0-1+wheezy1_amd64.deb
 0dc5b3fab0b70e9d26f767b74c6d041d5429de86 1258122 
libcurl4-gnutls-dev_7.26.0-1+wheezy1_amd64.deb
 49680dafa4627f2f283c3855a800ff06139bea30 1265036 
libcurl4-nss-dev_7.26.0-1+wheezy1_amd64.deb
 83cb9e8247cd4238f6db55fd57c68f5dc71a759c 3296072 
libcurl3-dbg_7.26.0-1+wheezy1_amd64.deb
Checksums-Sha256: 
 e5b555d42b490e3110b885a96a7487239949a7aff5099e250cebb8b11ae78ae1 2531 
curl_7.26.0-1+wheezy1.dsc
 84d4dceab6eb7f778932f3a02e042ed0d804a6e64b3c8870c3c0201fad1ddc71 30433 
curl_7.26.0-1+wheezy1.debian.tar.gz
 590eba24ef04b1ab86c29ffabcb8c93c68e5065988bdcda233ac99d256f48000 269708 
curl_7.26.0-1+wheezy1_amd64.deb
 e6f47011aeacac638ffacd1b89a1cf37efb85d8c8ce5cbdacc04477f9555342f 330666 
libcurl3_7.26.0-1+wheezy1_amd64.deb
 33580b94713c5a39bb8c580bdec87372f24c68d413135130187627d004a07467 321504 
libcurl3-gnutls_7.26.0-1+wheezy1_amd64.deb
 69103e54ae2fd36a7bca525e484bda3f42730c06079daae1ca72436fa2f427ed 328192 
libcurl3-nss_7.26.0-1+wheezy1_amd64.deb
 bc6f0cd39e501bb1dbc065db6cdbdf19c8b8e3df8d0951454812aed5e36a31be 1269944 
libcurl4-openssl-dev_7.26.0-1+wheezy1_amd64.deb
 47b4f5dd8550c09d73fc34159660150659d51c7d8ccff47ae4dc51c74b2dcd3b 1258122 
libcurl4-gnutls-dev_7.26.0-1+wheezy1_amd64.deb
 ba767984ea1df5168c061d9eb24be2b1a35a90c98a1601bdaf2d608d2f997c54 1265036 
libcurl4-nss-dev_7.26.0-1+wheezy1_amd64.deb
 832e22ebe2b43faa15c2dfeb6bcdced64dbd8bcd993e51df2da3bc20a75bbf3c 3296072 
libcurl3-dbg_7.26.0-1+wheezy1_amd64.deb
Files: 
 d381ceb5d6690dc4f6d46c9556a472da 2531 web optional curl_7.26.0-1+wheezy1.dsc
 4e5309450ca4794257fb20eca0b005c1 30433 web optional 
curl_7.26.0-1+wheezy1.debian.tar.gz
 36ab25d8e5e74bece2a27c808fcf3d88 269708 web optional 
curl_7.26.0-1+wheezy1_amd64.deb
 489388763c9e2b1ee096cf50b03202eb 330666 libs optional 
libcurl3_7.26.0-1+wheezy1_amd64.deb
 6369f68ecfe53ba13ee6c93ecaeffecb 321504 libs optional 
libcurl3-gnutls_7.26.0-1+wheezy1_amd64.deb
 ba1001b0a87f91d1ad1f0b1a478562b1 328192 libs optional 
libcurl3-nss_7.26.0-1+wheezy1_amd64.deb
 21019388336fcb0794e864da422e3da2 1269944 libdevel optional 
libcurl4-openssl-dev_7.26.0-1+wheezy1_amd64.deb
 7b44d7f05447e814c2657740d9382ab1 1258122 libdevel optional 
libcurl4-gnutls-dev_7.26.0-1+wheezy1_amd64.deb
 53902b9a8bd1e1e81754d6765b24f31a 1265036 libdevel optional 
libcurl4-nss-dev_7.26.0-1+wheezy1_amd64.deb
 63b28fa1e8cb092a22e66d465aeeac47 3296072 debug extra 
libcurl3-dbg_7.26.0-1+wheezy1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJRGiP/AAoJEK+lG9bN5XPLZ7wP/iTpaTU5ah7KTJduYA2r/Gn+
FziEYwgyaj3B/dbZ9A08b62ATtXoHPe4AJB9uxdEC2pM4U7RBvp/rKpthAVpWgq/
DryD7b6xQGRivvYe55DpWKc4TOlJe/5DukH8L+E1mhlIDFpsXchmqxTdu7XMZT9p
vcUb63DnTlJhokeYEtsgJEbGlehInqXCMaBS/TjHx7zoA/JQhXu1mCkORotBtybW
XTPI1v+rFiCQqbfKC8CkKgs+nru3ScdpZZmIDTwmIwyrwLbwOKKeQLLS/mAO0fP+
HepUwFIQFV2oQfYrfigPDEKS5JT+aap53pMtBCtG3s6Ck4UDItsCZGN3+LthoCcZ
v6YtMkJoebl8/9/4M3eeJeTPgsZl5ox6QEwL1n6jq8MPgra30vrFN8BD7r+8hUpI
MWfCLw2bw6+khCCOWnU66/BbdLcLtJtyp40rtrAklecCA4tTt1nWEgHAs0abZdNr
mxLX9DWNk25Q4EozzvQsBNOWgqZxrtNGYpy884ptB+LhhInuEQq+Rt+cVFLkl/5B
Tv/HF9ZGuy7udzWkZ84B+Sk7AudesztPUOpoJ21QlYiGbkdkLZ6R4h/EYyWQt1tb
ikkW9leW0/D3sl3yxdDbcuW2tdWFcSiysQapEg/+9uhAClNduQUgWRrIPV+nBMMd
wzmvj3X7G2RvY4FI2Yqz
=S/d0
-----END PGP SIGNATURE-----

--- End Message ---