-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 10 Feb 2025 11:45:37 +0100
Source: curl
Built-For-Profiles: nocheck
Architecture: source
Version: 7.88.1-10+deb12u11
Distribution: bookworm
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Dr. Tobias Quathamer <toddy@debian.org>
Changes:
 curl (7.88.1-10+deb12u11) bookworm; urgency=medium
 .
   * Team upload.
   * Import patch for CVE-2025-0167.
     - When asked to use a `.netrc` file for credentials **and** to follow HTTP
       redirects, curl could leak the password used for the first host to the
       followed-to host under certain circumstances. This flaw only manifests
       itself if the netrc file has a `default` entry that omits both login
       and password. A rare circumstance.
 .
 curl (7.88.1-10+deb12u10) bookworm; urgency=medium
 .
   * Team upload.
   * Import patch for CVE-2024-11053
     - When asked to both use a `.netrc` file for credentials and to follow HTTP
       redirects, curl could leak the password used for the first host to the
       followed-to host under certain circumstances.
   * d/patches:
     - url-use-same-credentials-on-redirect.patch: Backport upstream patch to
       fix the issue of reusing closed connections when the server disconnects
       unexpectedly, and ensure redirects keep both username and password.
       This patch is required for CVE-2024-11053.
     - CVE-2024-11053.patch: Import and backport upstream patch to
       fix CVE-2024-11053
Checksums-Sha1:
 b7e17cd1c45012700b3687579a23d83626977ecb 3256 curl_7.88.1-10+deb12u11.dsc
 6ae5229c36badb822641bb14958e7d227c57611d 4343562 curl_7.88.1.orig.tar.gz
 9222035242431a3ef31d33a2ca3d881bcf4572fe 488 curl_7.88.1.orig.tar.gz.asc
 b3dffe42291c2baea76a882dc1b9937a307f7195 81044 curl_7.88.1-10+deb12u11.debian.tar.xz
 65cf4a977e565567984181d05b6ceb2301deb295 11645 curl_7.88.1-10+deb12u11_amd64.buildinfo
Checksums-Sha256:
 2f9b408d4a784212929d746bcf979dcccf3744136dc016e9a69b2e86ed11b4b5 3256 curl_7.88.1-10+deb12u11.dsc
 cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7 4343562 curl_7.88.1.orig.tar.gz
 7a5a55d7123149a1b357f298cf895bd0a601e3a2807005ef6c95f3752803485f 488 curl_7.88.1.orig.tar.gz.asc
 cdeb4b512b5a845b3bad4d4685a773efb47d882c60627873aed5318ae927a7ca 81044 curl_7.88.1-10+deb12u11.debian.tar.xz
 dc78f15558917c7c4290737a061acc90d64c5b9279f72d33d69b6ea839f7e5ce 11645 curl_7.88.1-10+deb12u11_amd64.buildinfo
Files:
 4be44339dc6cafc15e61d9172aa6d0cd 3256 web optional curl_7.88.1-10+deb12u11.dsc
 1211d641ae670cebce361ab6a7c6acff 4343562 web optional curl_7.88.1.orig.tar.gz
 08b846caa2ce56ccb4b4caa268b30dc2 488 web optional curl_7.88.1.orig.tar.gz.asc
 9d5cdcf35a92f9d54c5b0db26a17deae 81044 web optional curl_7.88.1-10+deb12u11.debian.tar.xz
 3c928d563078feb893e69fe796c064d4 11645 web optional curl_7.88.1-10+deb12u11_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----