[SECURITY] [DLA 3341-1] curl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3341-1] curl security update
From: Adrian Bunk <bunk@debian.org>
Date: Fri, 24 Feb 2023 13:17:04 +0200
Message-id: <Y/icsNo1lu+wTe/R@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3341-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
February 24, 2023                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : curl
Version        : 7.64.0-4+deb10u5
CVE ID         : CVE-2023-23916
Debian Bug     : 1031371

HTTP multi-header compression denial of service has been fixed in curl,
a command line tool and library for transferring data with URLs.

For Debian 10 buster, this problem has been fixed in version
7.64.0-4+deb10u5.

We recommend that you upgrade your curl packages.

For the detailed security status of curl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/curl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmP4nKwACgkQiNJCh6LY
mLHRPhAArz0793ekL6VwFNcpFbPfRmM0YracDoKoF/6p3zrJ5QVNiFEGuAn1p5gB
Gx8dk718Jdu4Ph+sMed48a5B1k1z8Qp4v9xNlt2B+aHFFQez5fkyP8ZyUAyhUaiu
nzEbm2eAT5LsoI8URdwRpjDYnZj0IBYJu1jt38tqQoBzUikWV6eC3yeh9NYFUNYB
ZYFqJi+bOOpsptLvUAfRXHXToC+7nmsBLQdWr3lrELWfwhhJD+HAU/YI5FaP6Fa5
f8AiVgvYAugoF1IQHuPpBepUwZOynYgTBTBffG3ca4NRsbfDt1Z9GL7Z0/q4rNNB
J53eihMmPRzxVoODsuHtwRjGkMQXO/7YeVAfHbYCUwGut2haWRcW3SDf82kI36cF
mFojO6cV7n37ylZ2C1XHFM23599DnTvGtVESBY5mpKkhrI7redTWl+BC8n8vuwfW
7bdvXr/0iO0UKBpdnPTyEqEhZ/y9gFnBTk1f0LezpJxa7DHvXmSSJ1c2FJWzRPsn
fEPB16KG8x1qMoiDQgzp8KMDH1QCbRbO1phSnOGkDQH5eFmLdiOHADvIi0OwFttO
kfupn4rhurXdaB8DHpkRfhlzOyFLGoPZ08FFoJcPBbqDm+IcSr3RSyiYN+FJD+SE
PBv582qxKfboCkW99jcHIWfYg0P2rC12HkNpP2hemXhpzsQjI/s=
=JgEq
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3340-1] libgit2 security update
Next by Date: [SECURITY] [DLA 3342-1] freeradius security update
Previous by thread: [SECURITY] [DLA 3340-1] libgit2 security update
Next by thread: [SECURITY] [DLA 3342-1] freeradius security update
Index(es):
- Date
- Thread