Your message dated Sat, 13 Apr 2013 13:02:33 +0000
with message-id <e1ur06d-0003df...@franck.debian.org>
and subject line Bug#705274: fixed in curl 7.26.0-1+wheezy2
has caused the Debian Bug report #705274,
regarding curl: CVE-2013-1944: libcurl cookie domain tailmatch
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
705274: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705274
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: curl
Severity: grave
Tags: security
Hi,
the following vulnerability was published for curl.
CVE-2013-1944[0]:
libcurl cookie domain tailmatch
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-1944
[1] http://curl.haxx.se/docs/adv_20130412.html
Alessandro Ghedini was already aware of it and prepared debdiffs
for stable and wheezy.
This is more to track the issue as a bug in the BTS.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: curl
Source-Version: 7.26.0-1+wheezy2
We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 705...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessandro Ghedini <gh...@debian.org> (supplier of updated curl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 10 Apr 2013 22:56:48 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev
libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg
Architecture: source amd64
Version: 7.26.0-1+wheezy2
Distribution: wheezy-proposed-updates
Urgency: high
Maintainer: Alessandro Ghedini <gh...@debian.org>
Changed-By: Alessandro Ghedini <gh...@debian.org>
Description:
curl - command line tool for transferring data with URL syntax
libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 705274
Changes:
curl (7.26.0-1+wheezy2) wheezy-proposed-updates; urgency=high
.
[ Alessandro Ghedini ]
* Fix cookie domain tailmatch as per CVE-2013-1944
http://curl.haxx.se/docs/adv_20130412.html (Closes: #705274)
* Set urgency=high accordingly
.
[ Salvatore Bonaccorso ]
* Add testcase for CVE-2013-1944
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---