Your message dated Sun, 13 Apr 2014 17:02:29 +0000
with message-id <e1wznnz-0005zo...@franck.debian.org>
and subject line Bug#742728: fixed in curl 7.21.0-2.1+squeeze8
has caused the Debian Bug report #742728,
regarding curl: CVE-2014-0138 CVE-2014-0139
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
742728: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742728
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: curl
Version: 7.21.0-1
Severity: grave
Tags: security upstream fixed-upstream

Hi Alessandro,

For having this referenced also in the Debian BTS, the following
vulnerabilities were published for curl.

CVE-2014-0138[0]:
libcurl wrong re-use of connections

CVE-2014-0139[1]:
libcurl IP address wildcard certificate validation

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2014-0138
[1] http://security-tracker.debian.org/tracker/CVE-2014-0139

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: curl
Source-Version: 7.21.0-2.1+squeeze8

We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 742...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alessandro Ghedini <gh...@debian.org> (supplier of updated curl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 09 Apr 2014 19:47:38 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl4-openssl-dev libcurl4-gnutls-dev libcurl3-dbg
Architecture: source amd64
Version: 7.21.0-2.1+squeeze8
Distribution: squeeze-security
Urgency: medium
Maintainer: Ramakrishnan Muthukrishnan <rkrish...@debian.org>
Changed-By: Alessandro Ghedini <gh...@debian.org>
Description: 
 curl       - Get a file from an HTTP, HTTPS or FTP server
 libcurl3   - Multi-protocol file transfer library (OpenSSL)
 libcurl3-dbg - libcurl compiled with debug symbols
 libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS)
 libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS)
 libcurl4-openssl-dev - Development files and documentation for libcurl (OpenSSL)
Closes: 742728
Changes: 
 curl (7.21.0-2.1+squeeze8) squeeze-security; urgency=medium
 .
   * Fix multiple security issues (Closes: #742728):
     - Fix connection re-use when using different log-in credentials
       as per CVE-2014-0138
       http://curl.haxx.se/docs/adv_20140326A.html
     - Reject IP address wildcard matches as per CVE-2014-0139
       http://curl.haxx.se/docs/adv_20140326B.html
   * Set urgency=high accordingly

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
