Your message dated Sun, 30 Jul 2023 17:32:08 +0000
with message-id <[email protected]>
and subject line Bug#1041812: fixed in curl 7.88.1-10+deb12u1
has caused the Debian Bug report #1041812,
regarding curl: CVE-2023-32001
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1041812: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041812
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: curl
Version: 7.88.1-10
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for curl.
CVE-2023-32001[0]:
| fopen race condition
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-32001
https://www.cve.org/CVERecord?id=CVE-2023-32001
[1] https://curl.se/docs/CVE-2023-32001.html
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: curl
Source-Version: 7.88.1-10+deb12u1
Done: Carlos Henrique Lima Melara <[email protected]>
We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Carlos Henrique Lima Melara <[email protected]> (supplier of updated
curl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 23 Jul 2023 18:43:52 -0300
Source: curl
Architecture: source
Version: 7.88.1-10+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Alessandro Ghedini <[email protected]>
Changed-By: Carlos Henrique Lima Melara <[email protected]>
Closes: 1041812
Changes:
curl (7.88.1-10+deb12u1) bookworm-security; urgency=medium
.
* Team upload.
* Fix CVE-2023-32001: TOCTOU race condition in Curl_fopen():
- Done by d/p/CVE-2023-32001.patch (Closes: #1041812).
Checksums-Sha1:
d1517ea9bee1d9c7962ac45903a144331d25d0ff 3195 curl_7.88.1-10+deb12u1.dsc
6ae5229c36badb822641bb14958e7d227c57611d 4343562 curl_7.88.1.orig.tar.gz
9222035242431a3ef31d33a2ca3d881bcf4572fe 488 curl_7.88.1.orig.tar.gz.asc
86db2239b3fe0fef6ab539a806b28d450babc066 55864
curl_7.88.1-10+deb12u1.debian.tar.xz
05e866e4d2591ce3adfeff5e2727fa47aae2b8a7 13194
curl_7.88.1-10+deb12u1_amd64.buildinfo
Checksums-Sha256:
d948b93c5b9caada608043036d3def2f27b3255a4d517897ebc1f044ad8d843d 3195
curl_7.88.1-10+deb12u1.dsc
cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7 4343562
curl_7.88.1.orig.tar.gz
7a5a55d7123149a1b357f298cf895bd0a601e3a2807005ef6c95f3752803485f 488
curl_7.88.1.orig.tar.gz.asc
d0cc82a551c8dfe80191a65f9d1190db4a5c9e543e6f55093e034e595d901763 55864
curl_7.88.1-10+deb12u1.debian.tar.xz
beabffd546b20be04569add2a6c6c40cc9814dac2d1634c7c6fea3ed4dfca02a 13194
curl_7.88.1-10+deb12u1_amd64.buildinfo
Files:
57f1f505f84dc01f9569a2df02e55bbf 3195 web optional curl_7.88.1-10+deb12u1.dsc
1211d641ae670cebce361ab6a7c6acff 4343562 web optional curl_7.88.1.orig.tar.gz
08b846caa2ce56ccb4b4caa268b30dc2 488 web optional curl_7.88.1.orig.tar.gz.asc
6e9e1647187fd6eb06e6ff189166fad2 55864 web optional
curl_7.88.1-10+deb12u1.debian.tar.xz
76e4ee48e21b6603d774592b6abf245e 13194 web optional
curl_7.88.1-10+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmS/bwIACgkQu6n6rcz7
RwdLvxAArzTp2p+WmuH3Mj8FS7FLudUj4yZ27bcbEIBG/1WsrwlwKjk6nOi9WIKl
Ld6Ng53Mb4x211hEo2/dhhC+3RCknOpmlDH7c8nKVDLqIfxa3Q0ePvMnxa23Iit8
eyDtWdL9tENUe3b0HPMz7MUs6073K+c3Uy3LrMXHjnM8bb55Qls8vgp6inqm725e
PE64Drseh/aLxxuwxkdh2WhOxR6g/wqQQwatBJGCrackmfNytNSHEe03fW4Fi0ei
QIrswhU4puYu0JePgW+f6kfrJhemkUe0tbqIldDXqddJyixldVa/i2wzPrcj/wPg
nadGesUx4Z6QJLG9eSNLXD0HGDbElYI8Qk239rqcnWZ4YkaiYE+lKjif4iY4/dIX
vpmSEtyg/+CRRSKy+sdjA4psOwwpeHux7RXbuQjVa1scOBE5yUlBJjcgGFJ6v+zo
xOIUXi/kgGQQO5JjEHo9mGO7YhdX3spoFtiuCL0Sa7ya2Jxki+RPen6jrxR/PGig
+5hVaPQ9coc5HbfrIE0CvTSa1mj+4jvIsIeoZTlnVNUd4Z/8VU3BPBT+o5NER+w6
Rxklg/40rZav8STZkJES2bD7vM2kApv9vbwA8SBSarfNEwTUWoWI+Xe2y0K33BJ0
yURngmr82Ujt7/y5cRd354IJrz/6Aof0gzkZK/mK9bG4C1lC0e8=
=QJPY
-----END PGP SIGNATURE-----
--- End Message ---
