Your message dated Fri, 28 Jul 2023 21:20:48 +0000
with message-id <[email protected]>
and subject line Bug#1041812: fixed in curl 7.88.1-11
has caused the Debian Bug report #1041812,
regarding curl: CVE-2023-32001
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1041812: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041812
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: curl
Version: 7.88.1-10
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for curl.

CVE-2023-32001[0]:
| fopen race condition


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32001
    https://www.cve.org/CVERecord?id=CVE-2023-32001
[1] https://curl.se/docs/CVE-2023-32001.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: curl
Source-Version: 7.88.1-11
Done: Samuel Henrique <[email protected]>

We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Samuel Henrique <[email protected]> (supplier of updated curl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 28 Jul 2023 21:11:25 +0100
Source: curl
Architecture: source
Version: 7.88.1-11
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <[email protected]>
Changed-By: Samuel Henrique <[email protected]>
Closes: 1041812 1041964
Changes:
 curl (7.88.1-11) unstable; urgency=medium
 .
   [ Carlos Henrique Lima Melara ]
   * Fix CVE-2023-32001: TOCTOU race condition in Curl_fopen():
     - Done by d/p/CVE-2023-32001.patch (Closes: #1041812).
 .
   [ John Scott ]
   * LDAP backend: correct the usage of OpenLDAP-specific functionality being
     disabled with an upstream patch (Closes: #1041964)
     This corrects the improper fetching of binary attributes.
   * debian/tests: add a DEP-8 test that getting binary LDAP attributes works now

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
