Your message dated Fri, 14 Jun 2019 20:34:37 +0000
with message-id <[email protected]>
and subject line Bug#929352: fixed in curl 7.64.0-4
has caused the Debian Bug report #929352,
regarding curl: CVE-2019-5435: Integer overflows in curl_url_set
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
929352: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929352
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: curl
Version: 7.64.0-3
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for curl.

CVE-2019-5435[0]:
Integer overflows in curl_url_set

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-5435
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435
[1] https://www.openwall.com/lists/oss-security/2019/05/22/2
[2] https://curl.haxx.se/docs/CVE-2019-5435.html

Please adjust the affected versions in the BTS as needed, stretch is
afaict not affected but needs to check if we backported the
introducing commit.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: curl
Source-Version: 7.64.0-4

We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alessandro Ghedini <[email protected]> (supplier of updated curl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 14 Jun 2019 19:23:32 +0100
Source: curl
Architecture: source
Version: 7.64.0-4
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <[email protected]>
Changed-By: Alessandro Ghedini <[email protected]>
Closes: 929351 929352
Changes:
 curl (7.64.0-4) unstable; urgency=medium
 .
   * Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
     https://curl.haxx.se/docs/CVE-2019-5436.html
   * Fix integer overflow in curl_url_set() as per CVE-2019-5435 (Closes: #929352)
     https://curl.haxx.se/docs/CVE-2019-5435.html

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
