Bug#631615: marked as done (CVE-2011-2192: libcurl inappropriate GSSAPI delegation)

[Debian Bug Tracking System]

Your message dated Sat, 02 Jul 2011 13:53:15 +0000
with message-id <e1qd0dh-0006fd...@franck.debian.org>
and subject line Bug#631615: fixed in curl 7.21.0-2
has caused the Debian Bug report #631615,
regarding CVE-2011-2192: libcurl inappropriate GSSAPI delegation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
631615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631615
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: curl
Version: 7.21.6-1
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Please see http://curl.haxx.se/docs/adv_20110623.html

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4F07cACgkQNxpp46476aqlfwCeP8tSFJPpNkME0Jr4snwc00Um
4dsAnRIq4WskZHnxV1JBmEAmyWonbVMy
=jc5G
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Source: curl
Source-Version: 7.21.0-2

We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive:

curl_7.21.0-2.debian.tar.gz
  to main/c/curl/curl_7.21.0-2.debian.tar.gz
curl_7.21.0-2.dsc
  to main/c/curl/curl_7.21.0-2.dsc
curl_7.21.0-2_amd64.deb
  to main/c/curl/curl_7.21.0-2_amd64.deb
libcurl3-dbg_7.21.0-2_amd64.deb
  to main/c/curl/libcurl3-dbg_7.21.0-2_amd64.deb
libcurl3-gnutls_7.21.0-2_amd64.deb
  to main/c/curl/libcurl3-gnutls_7.21.0-2_amd64.deb
libcurl3_7.21.0-2_amd64.deb
  to main/c/curl/libcurl3_7.21.0-2_amd64.deb
libcurl4-gnutls-dev_7.21.0-2_amd64.deb
  to main/c/curl/libcurl4-gnutls-dev_7.21.0-2_amd64.deb
libcurl4-openssl-dev_7.21.0-2_amd64.deb
  to main/c/curl/libcurl4-openssl-dev_7.21.0-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 631...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ramakrishnan Muthukrishnan <rkrish...@debian.org> (supplier of updated curl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 26 Jun 2011 20:53:39 +0530
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl4-openssl-dev libcurl4-gnutls-dev 
libcurl3-dbg
Architecture: source amd64
Version: 7.21.0-2
Distribution: stable-security
Urgency: high
Maintainer: Ramakrishnan Muthukrishnan <rkrish...@debian.org>
Changed-By: Ramakrishnan Muthukrishnan <rkrish...@debian.org>
Description: 
 curl       - Get a file from an HTTP, HTTPS or FTP server
 libcurl3   - Multi-protocol file transfer library (OpenSSL)
 libcurl3-dbg - libcurl compiled with debug symbols
 libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS)
 libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS)
 libcurl4-openssl-dev - Development files and documentation for libcurl 
(OpenSSL)
Closes: 631615
Changes: 
 curl (7.21.0-2) stable-security; urgency=high
 .
   * debian/patches/curl-gssapi-delegation: Fix for GSSAPI delegation
     vulnerability as detailed in CVE-2011-2192. More information and
     the patch at <http://curl.haxx.se/docs/adv_20110623.html>.
     (closes: #631615)
Checksums-Sha1: 
 11769803ef85224798159ee54980b50fbf2d089a 1483 curl_7.21.0-2.dsc
 d0e5a1184315b9abb9cc54d77d4a0200526f046d 2714501 curl_7.21.0.orig.tar.gz
 c93f4da1f71022e0b9f797537b41ae7c2b922112 92023 curl_7.21.0-2.debian.tar.gz
 82f4a7581a626f29ce51db85fd0b7a48a1ecda14 228886 curl_7.21.0-2_amd64.deb
 6655372bca0ab93c6f96dc4b56d829bfb9ce9714 284746 libcurl3_7.21.0-2_amd64.deb
 0c7e801c775518b6a5b80d627971a73db49cc669 265686 
libcurl3-gnutls_7.21.0-2_amd64.deb
 3ebac80e7aea47239404e4a81c64c2d9a4592446 1099584 
libcurl4-openssl-dev_7.21.0-2_amd64.deb
 b2fe612672dab1f1a2dcb614b4ce816560fcdd4c 1076426 
libcurl4-gnutls-dev_7.21.0-2_amd64.deb
 187b063e8f349bd2d9a655673b7ac9cbbf5ca70a 106590 libcurl3-dbg_7.21.0-2_amd64.deb
Checksums-Sha256: 
 e710aa4e09ad14d5ada762f8fb19f58338b84569f56143987fcd9749112ae0c5 1483 
curl_7.21.0-2.dsc
 b3e2047c6f70eb321557af980a9554f0a98fb122d9636f1c98833262eed8de1d 2714501 
curl_7.21.0.orig.tar.gz
 c76fc200b8c29da64b8b3808fa1b3f408e57c2bf0b82822ed1f8aeed239c4495 92023 
curl_7.21.0-2.debian.tar.gz
 4c31985f23ac62ac66b75e7c955c427b6fd538356f8e0cccf64dc0409d45f69d 228886 
curl_7.21.0-2_amd64.deb
 218918c1fe6f849da98424f9c45c34e84e1cef3c6ccfa5468aa0e77be6aa9526 284746 
libcurl3_7.21.0-2_amd64.deb
 05f49303e86bae0817b1dd1f7b43445f1396076eec8ac2b777113407969ee235 265686 
libcurl3-gnutls_7.21.0-2_amd64.deb
 3f5cd29f1b7f37d3888b29739e5904fd6e588346a31a1455fcde90e6dfb71e1b 1099584 
libcurl4-openssl-dev_7.21.0-2_amd64.deb
 e0496ad0b614ad7256955c468ba41f0d91ed90bd5c4dd26abf69c9800e92187b 1076426 
libcurl4-gnutls-dev_7.21.0-2_amd64.deb
 a61967e13cd71206a27305c6fe28084450d885f49449ada569fa88f720b91b39 106590 
libcurl3-dbg_7.21.0-2_amd64.deb
Files: 
 16e4e81fcbbf2db63dd7d8cad2368ce1 1483 web optional curl_7.21.0-2.dsc
 6dfb911a254a1b5ca8b534b98f2196aa 2714501 web optional curl_7.21.0.orig.tar.gz
 747563503807e70467a5085eb201d305 92023 web optional curl_7.21.0-2.debian.tar.gz
 dca17f4d80e7f12752fc9a586859068c 228886 web optional curl_7.21.0-2_amd64.deb
 5bdd11051e1a3fc4c4b64c82e558a085 284746 libs optional 
libcurl3_7.21.0-2_amd64.deb
 dc106cecf7bbd23666f5a19e2a60c19b 265686 libs optional 
libcurl3-gnutls_7.21.0-2_amd64.deb
 6970782868a19b5e375f43471a050243 1099584 libdevel optional 
libcurl4-openssl-dev_7.21.0-2_amd64.deb
 a707af526e75a6867a4f79dd4a24d6d6 1076426 libdevel optional 
libcurl4-gnutls-dev_7.21.0-2_amd64.deb
 c5fa5280ad7e1035ec7ea6f6c696feaa 106590 debug extra 
libcurl3-dbg_7.21.0-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4HZboACgkQFyn1hmqfPDhtnQCcDpxvfSmv7iCn/gh9Tn/yjQYh
3wcAn1qz63SAYo2GUjr99fnsREQ2k9ow
=T/Wa
-----END PGP SIGNATURE-----

--- End Message ---