-------------------------------------------------------------------------
Debian LTS Advisory DLA-3951-1                [email protected]
https://www.debian.org/lts/security/                      Abhijith PA
November 14, 2024                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : curl
Version        : 7.74.0-1.3+deb11u14
CVE ID         : CVE-2024-8096

curl, a command line tool for transferring data with URL syntax, was
affected by CVE-2024-8096.

When the TLS backend is GnuTLS, curl may incorrectly handle OCSP
stapling. If the OCSP status reports an error other than "revoked"
(e.g., "unauthorized"), it is not treated as a bad certificate,
potentially allowing invalid certificates to be considered valid.

For Debian 11 bullseye, this problem has been fixed in version
7.74.0-1.3+deb11u14.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
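The flaw class described above (only "revoked" counts as a bad certificate) is sketched below as an added example; it is a simplified model, not code from curl, GnuTLS or this advisory. The struct, the function names and the CERT_NONE marker are hypothetical, and the sample responses are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* OCSPResponseStatus values as numbered in RFC 6960 (4 is unused). */
enum resp_status { RESP_SUCCESSFUL = 0, RESP_MALFORMED_REQUEST = 1,
                   RESP_INTERNAL_ERROR = 2, RESP_TRY_LATER = 3,
                   RESP_SIG_REQUIRED = 5, RESP_UNAUTHORIZED = 6 };

/* CertStatus choices; CERT_NONE (hypothetical) marks an error response
 * that carries no per-certificate status at all. */
enum cert_status { CERT_GOOD, CERT_REVOKED, CERT_UNKNOWN, CERT_NONE };

/* Hypothetical, simplified view of a parsed stapled response. */
struct stapled_ocsp {
    const char *label;
    enum resp_status resp;
    enum cert_status cert;
};

/* Fail-open: only "revoked" counts as a bad certificate. */
bool accept_denylist(const struct stapled_ocsp *s)
{
    return s->cert != CERT_REVOKED;
}

/* Fail-closed: accept only a successful response that says "good". */
bool accept_allowlist(const struct stapled_ocsp *s)
{
    return s->resp == RESP_SUCCESSFUL && s->cert == CERT_GOOD;
}

/* Constructed sample responses, not captured from any server. */
const struct stapled_ocsp SAMPLES[] = {
    { "successful/good",    RESP_SUCCESSFUL,   CERT_GOOD    },
    { "successful/revoked", RESP_SUCCESSFUL,   CERT_REVOKED },
    { "successful/unknown", RESP_SUCCESSFUL,   CERT_UNKNOWN },
    { "unauthorized",       RESP_UNAUTHORIZED, CERT_NONE    },
    { "tryLater",           RESP_TRY_LATER,    CERT_NONE    },
};
const size_t N_SAMPLES = sizeof SAMPLES / sizeof SAMPLES[0];

int main(void)
{
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("%-20s deny-list: %-7s allow-list: %s\n", SAMPLES[i].label,
               accept_denylist(&SAMPLES[i]) ? "accept" : "reject",
               accept_allowlist(&SAMPLES[i]) ? "accept" : "reject");
    return 0;
}
```

The two checks agree on "good" and "revoked" and differ on every other outcome, which is the gap the advisory describes.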
