-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2295-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz July 28, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : curl Version : 7.52.1-5+deb9u11 CVE ID : CVE-2020-8177 A vulnerbailty was found in curl, a command line tool for transferring data with URL syntax. When using when using -J (--remote-header-name) and -i (--include) in the same command line, a malicious server could force curl to overwrite the contents of local files with incoming HTTP headers. For Debian 9 stretch, this problem has been fixed in version 7.52.1-5+deb9u11. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl8giq9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEeFvw//dkvFtA9kEIduqD6/VTnlMl3fLeHmD9n+qX8zNq+xHc9KRL1OVbhzEezM KYcSzuIMxrC3hvQpxspZniCcMpmrY/Cw1E21UWVAqYEY2heiY58/ZW/koXOxf4A+ Ji/G6mfcLirr3K8Th6TG6Cqdvu6y6alt0+ySCzhZ/gYf5wjKdGGVwGylu01WKb15 X+XPToIHk1yztlVQHUQodSxfA1U4rQbMu2Zouc6AK/u0p/kB57+/ghaAfiKNg906 W8Sy7lo5WB55cmQFR0wvx5kJ1WzOPLPD+1Sr3a8jC507EUiUARzykRCw1fh4UM3U qj3NyVCeUUbwmFzHCromjZ/6jqb0ZtAW4+KToOhx4STrjE2gI6cDwRvoKHcxoa6e LU8mc020FbG4CcwIWTXGLbhz98MRu8lV6r26gHynbweCOoO/uWDsH0e2DKZkEvXV WegsL/CLnthsuM0vdnPiZRqwcj0pVSTNyYE0MdZIZPA6IfhbxfH0Q7LhXE2sZ0n3 f/azKx1unePWypBZ7GX9rpTyQM5tym1Ymo5odSlSjiz7gCroUNPevX+EpSI3Kge2 SXU3ktfEm4Njn4xOeyoc5xhWVogpMQXdpPLPW4BFwBjYxkYCCJeDBsdg7OUlEy5G QyJ6MKjv8SRjgEWC60D1vJWg6N67OKpnypAzIgyO6lSFYWVxPzw= =pk/n -----END PGP SIGNATURE-----
