-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: curl Binary: curl, libcurl3, libcurl3-gnutls, libcurl3-nss, libcurl4-openssl-dev, libcurl4-gnutls-dev, libcurl4-nss-dev, libcurl3-dbg Architecture: any Version: 7.26.0-1+wheezy13 Maintainer: Alessandro Ghedini <[email protected]> Uploaders: Ian Jackson <[email protected]>, Luk Claes <[email protected]> Homepage: http://curl.haxx.se Standards-Version: 3.9.3 Vcs-Browser: http://git.debian.org/?p=collab-maint/curl.git Vcs-Git: git://git.debian.org/collab-maint/curl.git Build-Depends: debhelper (>= 9), autoconf, automake1.9, groff-base, libgcrypt11-dev, libgnutls-dev, libidn11-dev, libkrb5-dev, libldap2-dev, libnss3-dev, librtmp-dev, libssh2-1-dev (>= 1.2), libssl-dev, libtool, openssh-server, quilt, stunnel4, zlib1g-dev Build-Conflicts: autoconf2.13, automake1.4 Package-List: curl deb web optional libcurl3 deb libs optional libcurl3-dbg deb debug extra libcurl3-gnutls deb libs optional libcurl3-nss deb libs optional libcurl4-gnutls-dev deb libdevel optional libcurl4-nss-dev deb libdevel optional libcurl4-openssl-dev deb libdevel optional Checksums-Sha1: 66e1fd0312f62374b96fe02e644f66202fd6324b 3073624 curl_7.26.0.orig.tar.gz 23cacf968e009923447fa645af134b6ae85e81da 42245 curl_7.26.0-1+wheezy13.debian.tar.gz Checksums-Sha256: 79ccce9edb8aee17d20ad4d75e1f83a789f8c2e71e68f468e1bf8abf8933193f 3073624 curl_7.26.0.orig.tar.gz 72492ae7016aca39f0b3a45273ac634c6373e617c1ac9e8725983104ff1947c0 42245 curl_7.26.0-1+wheezy13.debian.tar.gz Files: 3fa4d5236f2a36ca5c3af6715e837691 3073624 curl_7.26.0.orig.tar.gz 5a8446d3842d40f22c8ee07346c2469d 42245 curl_7.26.0-1+wheezy13.debian.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVNkC1AAoJEK+lG9bN5XPL1H4P/14d52gKd9jI0ARZB8nQbE8+ 6LtUvTgydr7FL5yDi+VYIc0CDtlClUIKEa17FbjuVLKGO4PGfW94Yjuly9Tgi/xS LGvMt/DtHEmSObkBjtj0l+bMxOQ8wE3EeSRCTKKzGgAbA9NBAYhFDI+tZM7R/D87 6S7kncQJB8c0DHCjG04FE2sf1brK11BgfCgPBTmvI/8YFJGrj0C0VByuPcJupKwh +kO55tUH1Q0gixnCkiEg821BJfpulhE8m+wkCtfrH9rKnAsoXLC31AdUodAhNJlY HCZw2fnUi+WrXRGS9BQ2HISv9h17mbAdfq6pSku1CiMpJsKeKdWS3IDoxZ9lcwMg 0T1AUH4e2dSmVLrYPZv9g+8LoIEv6ZDPLqGaIvaC8NxohFEfmlPIXcxCjXh1LVD5 fCWcn8LHlFHaA3mV623ePvRxl/40R3XhjIczPapE6LDOOvbg+xhmaAUTBFu9s9PJ 8hAKEWZVx/DhmCaqswP40u9pNH7xB1nToFy5H5muxZ4ZG0VVGH5Akc4YBh9Svqo8 fi2/thrAQdErxMOVlS6gmK1nf+OnyfcfVO9DSz9dtOa+3J23gcQuZIkVsg2njLzu PG9gFWeKnneRwdVhFA5dSFOpEblqL9lpsvBGYAR40qu8RcGSd96LMgatckKYQiBU 66RGKFXEPA9TQjm6j7aB =JumR -----END PGP SIGNATURE----- Changes: curl (7.26.0-1+wheezy13) wheezy-security; urgency=high * Fix re-using authenticated connection when unauthenticated as per CVE-2015-3143 http://curl.haxx.se/docs/adv_20150422A.html * Fix Negotiate not treated as connection-oriented as per CVE-2015-3148 http://curl.haxx.se/docs/adv_20150422B.html -- Alessandro Ghedini <[email protected]> Tue, 21 Apr 2015 13:51:57 +0200