Package        : curl
Version        : 7.26.0-1+wheezy18+deb7u1
CVE ID         : CVE-2017-7407

It was discovered that there was a buffer read overrun vulnerability in
curl, a tool for downloading files from the internet, etc.

If a "%" ended the --write-out parameter, the string's trailing NUL would
be skipped and memory past the end of the buffer could be accessed and
potentially displayed as part of the output.

For Debian 7 "Wheezy", this issue has been fixed in curl version
7.26.0-1+wheezy18+deb7u1.

We recommend that you upgrade your curl packages.

Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-
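
The parsing flaw described in the advisory, as an added C model that is not curl's source and not part of the original advisory. The names `scan_format`, `overruns` and `check_next` are hypothetical, the sample format strings are constructed, and the model only records where the cursor ends up instead of reading past the NUL.

```c
#include <stdio.h>
#include <string.h>

/* Model of a --write-out style format scanner (illustrative, not curl's code).
 * Returns the index at which scanning stopped. A value greater than
 * strlen(fmt) means the cursor stepped over the terminating NUL, which is
 * where a real `while (*ptr)` loop would start reading adjacent memory.
 * The model itself never reads beyond the NUL. */
static size_t scan_format(const char *fmt, int check_next, char *out, size_t outsz)
{
    size_t len = strlen(fmt), i = 0, o = 0;

    while (i < len) {
        /* fmt[i + 1] is at worst the NUL, so this peek is in bounds. */
        if (fmt[i] == '%' && (!check_next || fmt[i + 1] != '\0')) {
            if (fmt[i + 1] == '%' && o + 1 < outsz)
                out[o++] = '%';          /* "%%" prints one literal percent */
            /* %{variable} expansion omitted from this model */
            i += 2;                      /* consumes '%' and the next byte */
        } else {
            if (o + 1 < outsz)
                out[o++] = fmt[i];       /* ordinary byte, or a lone final '%' */
            i++;
        }
    }
    if (outsz > 0)
        out[o] = '\0';
    return i;
}

/* 1 if the scanner would run past the end of fmt, 0 otherwise. */
static int overruns(const char *fmt, int check_next)
{
    char out[64];
    return scan_format(fmt, check_next, out, sizeof out) > strlen(fmt);
}

int main(void)
{
    const char *samples[] = { "done%%\n", "code: %", "%" };  /* constructed inputs */
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++)
        printf("unchecked=%d checked=%d\n",
               overruns(samples[k], 0), overruns(samples[k], 1));
    return 0;
}
```

With `check_next` set, a trailing "%" is treated as an ordinary character, so the scan stops exactly on the terminator.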