Package        : curl
Version        : 7.38.0-4+deb8u14
CVE IDs        : CVE-2018-16890 CVE-2019-3822 CVE-2019-3823

It was discovered that there were three vulnerabilities in the curl
command-line HTTP (etc.) client:

 * CVE-2018-16890: A heap buffer out-of-bounds read vulnerability in
   the handling of NTLM type-2 messages.

 * CVE-2019-3822: Stack-based buffer overflow in the handling of
   outgoing NTLM type-3 headers.

 * CVE-2019-3823: Heap out-of-bounds read in code handling the end of
   a response in the SMTP protocol.

For Debian 8 "Jessie", these issues have been fixed in curl version
7.38.0-4+deb8u14.

We recommend that you upgrade your curl packages.

Regards,

-- 
      ,''`.
     : :' :     Chris Lamb
     `. `'`     la...@debian.org 🍥 chris-lamb.co.uk
       `-