[ubuntu/noble-proposed] curl 8.5.0-2ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Jan 31 16:45:13 UTC 2024 

curl (8.5.0-2ubuntu2) noble; urgency=medium

  * SECURITY UPDATE: OCSP verification bypass with TLS session reuse
    - debian/patches/CVE-2024-0853.patch: when verifystatus fails, remove
      session id from cache in lib/vtls/openssl.c.
    - CVE-2024-0853

Date: Wed, 31 Jan 2024 11:09:34 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 31 Jan 2024 11:09:34 -0500
Source: curl
Built-For-Profiles: noudeb
Architecture: source
Version: 8.5.0-2ubuntu2
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 curl (8.5.0-2ubuntu2) noble; urgency=medium
 .
   * SECURITY UPDATE: OCSP verification bypass with TLS session reuse
     - debian/patches/CVE-2024-0853.patch: when verifystatus fails, remove
       session id from cache in lib/vtls/openssl.c.
     - CVE-2024-0853
Checksums-Sha1:
 8363138695aac97c172dbef028e804773155a096 3232 curl_8.5.0-2ubuntu2.dsc
 2dc3eefe6576f62c206fbbc99049fad3a5955789 49620 curl_8.5.0-2ubuntu2.debian.tar.xz
 bd1710b4227fab8d862f4c474460cc7fb246c717 10488 curl_8.5.0-2ubuntu2_source.buildinfo
Checksums-Sha256:
 15e2998b2f3c32ae87bf831d4286a440e303d6cd1a1d0ad892c30d521d722163 3232 curl_8.5.0-2ubuntu2.dsc
 7a8a91a65c2498d0cd0f39d58f1e8b4749f4122d1063fb9f3215a7eadd315d11 49620 curl_8.5.0-2ubuntu2.debian.tar.xz
 0d4e68d87e85bcacc117741bd0ce1ad1cae756be9ebea5d1592053fedda23fdb 10488 curl_8.5.0-2ubuntu2_source.buildinfo
Files:
 167706ec43aa5fda56ee76c78e0f1a6d 3232 web optional curl_8.5.0-2ubuntu2.dsc
 0244d59b5c8d0767fcce70dd1de80ba1 49620 web optional curl_8.5.0-2ubuntu2.debian.tar.xz
 bb48aa1552d99ef22f2d0f6faae27836 10488 web optional curl_8.5.0-2ubuntu2_source.buildinfo
Original-Maintainer: Debian Curl Maintainers <team+curl at tracker.debian.org>

More information about the noble-changes mailing list