[SECURITY] [DLA 1379-1] curl security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : curl
Version : 7.26.0-1+wheezy25+deb7u1
CVE ID : CVE-2018-1000301
Debian Bug : #898856
It was discovered that there was an issue in the curl a command-line tool
for downloading (eg.) data over HTTP.
curl could have be tricked into reading data beyond the end of a heap
based buffer used to store downloaded content.
For more information, please see upstream's advisory at:
https://curl.haxx.se/docs/adv_2018-b138.html
For Debian 7 "Wheezy", this issue has been fixed in curl version
7.26.0-1+wheezy25+deb7u1.
We recommend that you upgrade your curl packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlr8crsACgkQHpU+J9Qx
HlhKSg//d/ntJLcUprVeuGTnw5fTOGH8t2lSYoE/OH/uxi8u/KWt7DPPRraMA0ON
PxSN2tVoJfumIHJDxZKlHzCe4AtZVLrGXdABj3ARhNOIUAxv5EwS6v7kIkmkMXfq
Tsr8yTed//Oc7ZKsSbypMyH4hywrXOIvqVm50HvybRQe+f3vfWSVM8O1Jj5lpgjk
DeMiEf9O2mlDc43oFBQIanM5+QTv3LDx/KuL+M0RgHyDydOZDtqsrAO2eWeGq6FE
5jKaramWkslDWeU7JOxYt6/6yUo9b8BTuboc856h9R1/1PQLBMkfHM4Dlg3hQedF
OElZJ7napmfSXJgGM/n94SChrr1OW5LGsF3k99u/dN6txWF2gyhhkpGLU9Ef3bHn
CGC3xFXdEEN3jRlqjKNTVLO2CpXfdr6wxuzg40L41qufb102vAOvsSEW5joetG+w
bZxoTz3wRNyOAAAgfaZD0FHgn3erqTPFvyFK5SfRWa1mh20bZFSZOhCk14hARGJz
bFAgKD+NO+v7f37IGDRfw/WbyfwL2WtS9oUyioup5ty419QPBPFaZUjZY3LbOY7t
fngeTGlFbA2qgRWEZUgiZvupca4GdloV6l7Rmvt/D4Mwjas/uAxFrMBBUxdWvBQM
bbFT9ngVfxdqYwYHz0bNXUl1ptOLxgiF7vjEJemPzda48ifae/8=
=Dp/u
-----END PGP SIGNATURE-----
Reply to: