-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : curl Version : 7.26.0-1+wheezy25+deb7u1 CVE ID : CVE-2018-1000301 Debian Bug : #898856
It was discovered that there was an issue in the curl a command-line tool for downloading (eg.) data over HTTP. curl could have be tricked into reading data beyond the end of a heap based buffer used to store downloaded content. For more information, please see upstream's advisory at: https://curl.haxx.se/docs/adv_2018-b138.html For Debian 7 "Wheezy", this issue has been fixed in curl version 7.26.0-1+wheezy25+deb7u1. We recommend that you upgrade your curl packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` [email protected] / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlr8crsACgkQHpU+J9Qx HlhKSg//d/ntJLcUprVeuGTnw5fTOGH8t2lSYoE/OH/uxi8u/KWt7DPPRraMA0ON PxSN2tVoJfumIHJDxZKlHzCe4AtZVLrGXdABj3ARhNOIUAxv5EwS6v7kIkmkMXfq Tsr8yTed//Oc7ZKsSbypMyH4hywrXOIvqVm50HvybRQe+f3vfWSVM8O1Jj5lpgjk DeMiEf9O2mlDc43oFBQIanM5+QTv3LDx/KuL+M0RgHyDydOZDtqsrAO2eWeGq6FE 5jKaramWkslDWeU7JOxYt6/6yUo9b8BTuboc856h9R1/1PQLBMkfHM4Dlg3hQedF OElZJ7napmfSXJgGM/n94SChrr1OW5LGsF3k99u/dN6txWF2gyhhkpGLU9Ef3bHn CGC3xFXdEEN3jRlqjKNTVLO2CpXfdr6wxuzg40L41qufb102vAOvsSEW5joetG+w bZxoTz3wRNyOAAAgfaZD0FHgn3erqTPFvyFK5SfRWa1mh20bZFSZOhCk14hARGJz bFAgKD+NO+v7f37IGDRfw/WbyfwL2WtS9oUyioup5ty419QPBPFaZUjZY3LbOY7t fngeTGlFbA2qgRWEZUgiZvupca4GdloV6l7Rmvt/D4Mwjas/uAxFrMBBUxdWvBQM bbFT9ngVfxdqYwYHz0bNXUl1ptOLxgiF7vjEJemPzda48ifae/8= =Dp/u -----END PGP SIGNATURE-----
