News for package curl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: curl
Binary: curl, libcurl3, libcurl3-gnutls, libcurl3-nss, libcurl4-openssl-dev, libcurl4-gnutls-dev, libcurl4-nss-dev, libcurl3-dbg, libcurl4-doc
Architecture: any all
Version: 7.38.0-4+deb8u2
Maintainer: Alessandro Ghedini <[email protected]>
Uploaders: Ian Jackson <[email protected]>
Homepage: http://curl.haxx.se
Standards-Version: 3.9.5
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/curl.git
Vcs-Git: git://anonscm.debian.org/collab-maint/curl.git
Build-Depends: debhelper (>= 9), autoconf, automake, ca-certificates, groff-base, libgnutls28-dev, libidn11-dev, libkrb5-dev, libldap2-dev, libnss3-dev, librtmp-dev (>= 2.4+20131018.git79459a2-3~), libssh2-1-dev, libssl-dev, libtool, openssh-server, python, quilt, stunnel4, zlib1g-dev
Build-Conflicts: autoconf2.13, automake1.4
Package-List:
 curl deb web optional arch=any
 libcurl3 deb libs optional arch=any
 libcurl3-dbg deb debug extra arch=any
 libcurl3-gnutls deb libs optional arch=any
 libcurl3-nss deb libs optional arch=any
 libcurl4-doc deb doc optional arch=all
 libcurl4-gnutls-dev deb libdevel optional arch=any
 libcurl4-nss-dev deb libdevel optional arch=any
 libcurl4-openssl-dev deb libdevel optional arch=any
Checksums-Sha1:
 40d8ec9063f076005535139c9229ac77c57f0300 4094034 curl_7.38.0.orig.tar.gz
 5b1c94646feee1c90a3e55c5349a454df8384a2c 32688 curl_7.38.0-4+deb8u2.debian.tar.xz
Checksums-Sha256:
 5661028aa6532882fa228cd23c99ddbb8b87643dbb1a7ea55c068d34a943dff1 4094034 curl_7.38.0.orig.tar.gz
 7740ba01705540f5f043662ce117bce9836402dc676024d291e8ea1364670db8 32688 curl_7.38.0-4+deb8u2.debian.tar.xz
Files:
 b6e3ea55bb718f2270489581efa50a8a 4094034 curl_7.38.0.orig.tar.gz
 2e1b714e0c6576f952fb0e67d5c0ff5b 32688 curl_7.38.0-4+deb8u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVQKjSAAoJEK+lG9bN5XPLtZEP+wW96LC8NoLFIvr5sNz0qkDA
a9G9d3/dpW5swUTaqUpD++aYM8Dk/boXi6JI/fd2xGYvdS03p8m0nY5+8GcTk70C
WawmMBgKuhg6eLzG/kkPdFUrI04F+rNUD4I1Dalh5pocBXHuoX/bxMYP8zgsQrVs
C6fduec/aiIUjTFAebB2siWN9HdQ+kYRuHd1ROuF+vC5ww7olXYZ0tLtKv+gi6Pq
WOH2GcgiV/qtoRmwZEW1t+QVetjfxTq+VSYMzqLwo7w//3u1AVzSYgbifU48Q9T6
2uA8xZKGOo3BfqemZUVB9xev9AiX0TFLhvldm4Qi57CzkxzpDJdHxgayNN4pdWJn
5RiifI0i+K9b6T4rjDTSwEfP3NsWkOERxK76/wxk2CqKK+Q24PIHp859Bw09Dl8M
wzSWUhPgCHBwcVhxWg0SQNrpYS9QjhWvF95MbdWBooBUcZTOcEsl/fR7Iw0c51Mh
OholxSEv3nkzxCNGrIQiY48wJpr4LKbATmBebni6f6FOG2xuwkN96ycnSIjTibiz
9bTrpgC5kv9VILJNo93TKl7MmTu36MvlRckMfho8rcJyAevrWLl/DNRwgYQn9aDr
4gVGCpikZmpjLVsF5oTVSAdofb+nXJ6GzO/ViMgfxrMYuZooL6pHdFMW4UaI0gsZ
9tS51AWa4vN4yZ9L7B+d
=/wMT
-----END PGP SIGNATURE-----

Changes:
curl (7.38.0-4+deb8u2) jessie-security; urgency=high

  * Don't send sensitive HTTP server headers to proxies as per CVE-2015-3153
    http://curl.haxx.se/docs/adv_20150429.html

 -- Alessandro Ghedini <[email protected]>  Wed, 29 Apr 2015 10:47:47 +0200