Debian-LTS alert DLA-625-1 (curl)
| From: | Jonas Meurer <mejo@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 625-1] curl security update | |
| Date: | Sat, 17 Sep 2016 20:28:27 +0200 | |
| Message-ID: | <d4d8f97c-eb97-27e4-17bc-85ed59aef3e2@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : curl Version : 7.26.0-1+wheezy16 CVE ID : CVE-2016-7167 Debian Bug : 837945 It was discovered that the four four libcurl functions curl_escape(), curl_easy_escape(), curl_unescape and curl_easy_unescape accepted negative sting length inputs. For Debian 7 "Wheezy", these problems have been fixed in version 7.26.0-1+wheezy16. We recommend that you upgrade your curl packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJX3YtGAAoJEFJi5/9JEEn+pD8P/0jQ3VQelOZjGYQkqVvUTJnk Q95yyCjHakcwUctltuc0UIeY82gowf7BzL/a2pkT4nu2fwjAwukXBwe3HjFPsbWr LDAmbQ0x2Aihwo1Kl1VLg2ZPa98bxLhDDdo/b4aHqZ1t7/zLSAhEjVlBWOZhqXpP Cpf0j3CnYQrJpG3U4fRjVFtEUWGcQGXjk9e1woTQqMbiSWO1kTG5l+B8Zp5RJuQ3 zk+OX8nHRMt2g769d6o9oxgf63rkt2i16X9C/1KW9lp9iz1vhPqRSygFnnYhdrSl gga2ZUA+txn27lb+JEvxIS5ul/Y0rrOzXcfkifbpX5ZlzFc3ynAbAKZ5wOeAU38N QhjWUxLnIQTkj5b7waHq0S9Ozpl08TfqetDFcKoLFXfi28VDLKdfayJ5a5ERaF58 gfPYY1h6y1AKGDkn8EqTbtN273BXOwwSdbxgiPMb5MdZ+r3vLHrgtSXseLAMMNNz jUyWH94Rr1wZJ0zoYq2grgmXKbzvkK9GSKMc01rl05e7VdMFsLZ3phls8LWwPo8e nwaNSHwO0zUoH+A6ieN2EWqmIqzlFATwVaYEOTwe/2XdutZbINGY0rpBQBrMztXB c4K/Bgx9ACnuQI1tcJmshVNFziLhu0rzkKb7v7oi4Mu0oA5dZrni+fxl7E6pMRV7 3y2kFlqC9Q5G2UYR21p6 =ikYg -----END PGP SIGNATURE-----