Your message dated Sat, 12 Aug 2017 16:04:21 +0000
with message-id <e1dgyth-0005jf...@fasolo.debian.org>
and subject line Bug#871554: fixed in curl 7.55.0-1
has caused the Debian Bug report #871554,
regarding curl: CVE-2017-1000101: URL globbing out of bounds read
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
871554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871554
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: curl
Version: 7.38.0-4
Severity: important
Tags: upstream patch security fixed-upstream

Hi,

the following vulnerability was published for curl.

CVE-2017-1000101[0]:
URL globbing out of bounds read

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000101
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101
[1] https://curl.haxx.se/docs/adv_20170809A.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: curl
Source-Version: 7.55.0-1

We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 871...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alessandro Ghedini <gh...@debian.org> (supplier of updated curl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Aug 2017 15:18:05 +0100
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-doc
Architecture: source
Version: 7.55.0-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <gh...@debian.org>
Changed-By: Alessandro Ghedini <gh...@debian.org>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 871554 871555
Changes:
 curl (7.55.0-1) unstable; urgency=medium
 .
   * New upstream release
     - Fix TFTP sends more than buffer size as per CVE-2017-1000100
       (Closes: #871555)
     - Fix URL globbing out of bounds read as per CVE-2017-1000101
       (Closes: #871554)
   * Refresh patches and drop patches merged upstream
   * Update Standards-Version to 4.0.1 (no changes needed)
   * Drop -dbg package

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
