DSA 1869-1: New curl packages fix SSL certificate verification weakness
Posted on: 08/20/2009 12:35 AM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1869-1 security@debian.org
http://www.debian.org/security/ Nico Golde
August 19th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : curl
Vulnerability : insufficient input validation
Problem type : remote
Debian-specific: no
Debian bug : 541991
CVE ID : CVE-2009-2417

It was discovered that curl, a client and library to get files from servers
using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against
SSL/TLS Certificates" recently published at the Blackhat conference. This
allows an attacker to perform undetected man-in-the-middle attacks via a
crafted ITU-T X.509 certificate with an injected null byte in the Common
Name field.


For the oldstable distribution (etch), this problem has been fixed in
version 7.15.5-1etch3.

For the stable distribution (lenny), this problem has been fixed in
version 7.18.2-8lenny3.

For the testing (squeeze) and unstable (sid) distribution, this problem
will be fixed soon.


We recommend that you upgrade your curl packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3.diff.gz
Size/MD5 checksum: 20848 22dce2fb112906acd2e76df82944f142
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5.orig.tar.gz
Size/MD5 checksum: 1897973 61997c0d852d38c3a85b445f4fc02892
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3.dsc
Size/MD5 checksum: 956 4f03313c10cd1ec65210f1100a131e9f

Architecture independent packages:

http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.15.5-1etch3_all.deb
Size/MD5 checksum: 22324 7619264c8f7e53dc59a7e69230c676b5

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_alpha.deb
Size/MD5 checksum: 823424 d3d084cf7ccddfebd627de8609850096
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_alpha.deb
Size/MD5 checksum: 816330 6fb28fafc75898049bd7226e60a28c7e
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_alpha.deb
Size/MD5 checksum: 182050 936d5870de61974aef21011a2da57747
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_alpha.deb
Size/MD5 checksum: 811900 daa9077f99711ca6d575e90fe004d632
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_alpha.deb
Size/MD5 checksum: 166818 6ba797a423a742377851db81da0489cb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_alpha.deb
Size/MD5 checksum: 175416 bd25fa6d94404424ae1357cf48041707

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_amd64.deb
Size/MD5 checksum: 163976 1c79712071486c997e73fd35a4eb0336
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_amd64.deb
Size/MD5 checksum: 778648 e153b2bd7dce8074f567ed33e1ef216c
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_amd64.deb
Size/MD5 checksum: 824510 3492a7bd3567e3e67aff98be386f3a7a
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_amd64.deb
Size/MD5 checksum: 771278 09f1f1c8c5bf1131f283489eb19bea86
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_amd64.deb
Size/MD5 checksum: 171372 eadeb465edb9926433190a908690b826
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_amd64.deb
Size/MD5 checksum: 165714 13e4041382c7e0020ce5b8899aea849e

arm architecture (ARM)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_arm.deb
Size/MD5 checksum: 783540 57a19c0995e99f1e3772c6580666e6b4
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_arm.deb
Size/MD5 checksum: 757016 f79f0930f7d10e6e4c3429be15985bb6
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_arm.deb
Size/MD5 checksum: 160382 b3564444217dac4e915942b31d9b350b
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_arm.deb
Size/MD5 checksum: 162466 efde9a4c89e98d95caf65f5c022565f8
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_arm.deb
Size/MD5 checksum: 761008 999d5239e559ac6eaab2d57f4f775564
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_arm.deb
Size/MD5 checksum: 166120 4e49cb3a1fb7fe0ffb76cd229b2540fb

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_hppa.deb
Size/MD5 checksum: 179010 7cc2d6c3a74e16c5ca43255a6da8eb15
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_hppa.deb
Size/MD5 checksum: 791294 a85d121cb7b254bd56a2c327eb17ea8a
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_hppa.deb
Size/MD5 checksum: 815272 279b123045458876f7ed6d195dd58086
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_hppa.deb
Size/MD5 checksum: 798968 226d8db08d0e3ac853c70923ec7ea1af
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_hppa.deb
Size/MD5 checksum: 164958 64da95e6a6b8fbde6fd2c8a0258f0052
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_hppa.deb
Size/MD5 checksum: 184480 2e27e166f23fe0741e5d46be793c7312

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_i386.deb
Size/MD5 checksum: 168954 6a18507725024ae8b602639cdf22f9f9
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_i386.deb
Size/MD5 checksum: 163372 05652e67be411d965be06bd0fb6333a0
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_i386.deb
Size/MD5 checksum: 800504 b5b06f0f0141f6090deace3c98b332b9
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_i386.deb
Size/MD5 checksum: 760600 c985101fe699ee6130de8d9cffbee52a
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_i386.deb
Size/MD5 checksum: 765500 dcd4999220526ec92d170e7c9145ba64
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_i386.deb
Size/MD5 checksum: 163746 beaba367b895027d01adda2d6a1e561e

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_ia64.deb
Size/MD5 checksum: 225602 6c46969a4bbbc93b6aab3d6769c552a4
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_ia64.deb
Size/MD5 checksum: 174560 a69c57fb5038b1826fc1cde0318c504d
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_ia64.deb
Size/MD5 checksum: 217580 46c94cb97734f1ab01ed0542e50a7498
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_ia64.deb
Size/MD5 checksum: 811436 5db044e29d8c13b3d43758ce1f82262a
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_ia64.deb
Size/MD5 checksum: 848804 f8a0ffe4889cf51523fb90bfe95a015e
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_ia64.deb
Size/MD5 checksum: 838664 8d5a2b31ddeff034e5a193e6906c6254

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_mips.deb
Size/MD5 checksum: 164100 737602a69c911b74f458634ac329e890
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_mips.deb
Size/MD5 checksum: 170830 21cb901bc35ffa6f862ca2e875668a26
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_mips.deb
Size/MD5 checksum: 832060 586cbf7c31f7ee8cd29c6fbc62a1bf89
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_mips.deb
Size/MD5 checksum: 165546 d2c0a66e04f4c2cfeadfc743c18f8a4e
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_mips.deb
Size/MD5 checksum: 784408 74c93f4364c6c79a13f05e23b20e6d1d
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_mips.deb
Size/MD5 checksum: 792646 c4bd36c3e0d5bc3fbed3dc51aec74575

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_powerpc.deb
Size/MD5 checksum: 174016 120d54122ce0e08a02d4e7bb58df6c6d
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_powerpc.deb
Size/MD5 checksum: 169194 1ec08ce0b5953f4f616c806d277181d6
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_powerpc.deb
Size/MD5 checksum: 782110 256f3711a3b539090fb90cc0a41bd442
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_powerpc.deb
Size/MD5 checksum: 774550 bccb71df51ee6094481d2306195d4c8e
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_powerpc.deb
Size/MD5 checksum: 841688 55278bb1658854776a61f77f4b1bcb45
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_powerpc.deb
Size/MD5 checksum: 165210 e1be7594ccc9c1645037c15cf859c4be

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_s390.deb
Size/MD5 checksum: 768990 98a1d01a53f70c249455e3a849c8a456
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_s390.deb
Size/MD5 checksum: 774796 c69f7c13fdd37b205642e3f45aa87c88
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_s390.deb
Size/MD5 checksum: 172518 fee87f8f98a4c1d3609fa49c9e888cc5
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_s390.deb
Size/MD5 checksum: 836542 84b0d2e1492e6b4d696270006f4dbb3b
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_s390.deb
Size/MD5 checksum: 163254 bb54f021831d1dd072b2d8919d1b2576
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_s390.deb
Size/MD5 checksum: 180012 74af01e85e55561d55c5a4087e678b3d


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3.dsc
Size/MD5 checksum: 1418 3e5ef96b6eb6a82f64e1cf64e1875993
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3.diff.gz
Size/MD5 checksum: 28454 487521b6a73326007edf8fc4c9d78237
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2.orig.tar.gz
Size/MD5 checksum: 2273077 4fe99398a64a34613c9db7bd61bf6e3c

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_alpha.deb
Size/MD5 checksum: 1149980 caa24a91a4e242c19ac7120f8cbb9564
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_alpha.deb
Size/MD5 checksum: 241738 1b653885409694b6b2f6d5ecea40a714
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_alpha.deb
Size/MD5 checksum: 957848 bbca6721f53b6fc7f56ae1117fc6df38
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_alpha.deb
Size/MD5 checksum: 211312 f73edcebe4b85770d9bd22c7f2ee3cc6
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_alpha.deb
Size/MD5 checksum: 224490 5d9996b620874c158c7720fe2b5e2e2f
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_alpha.deb
Size/MD5 checksum: 986084 56f1c9c3ecca95f1d497a13f182111be

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_amd64.deb
Size/MD5 checksum: 951970 1c49faf2e628f2c336be48beb5188afa
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_amd64.deb
Size/MD5 checksum: 209390 ca551875a2c6b5da345a975026fab4bb
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_amd64.deb
Size/MD5 checksum: 1180282 678d1e653eeb162ca227ff3c2edf8bc1
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_amd64.deb
Size/MD5 checksum: 231304 4388ed20c067994e775435a981afc5e4
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_amd64.deb
Size/MD5 checksum: 214794 4bfea4f769972eada3bf7a28871351a9
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_amd64.deb
Size/MD5 checksum: 931502 6e677616ca0e25dd94e710380ed99082

arm architecture (ARM)

http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_arm.deb
Size/MD5 checksum: 922154 d1219a545fbab4fdbb674a92c2088e4c
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_arm.deb
Size/MD5 checksum: 208170 f5950a599590ac20776393c106e22fbb
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_arm.deb
Size/MD5 checksum: 222706 6b094a26e6dd849761655fc990fc4b74
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_arm.deb
Size/MD5 checksum: 207336 f43cb3b645344bf02f5b533a97a96e54
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_arm.deb
Size/MD5 checksum: 1146160 46a0413f121d5bd2fbae5caf19f12015
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_arm.deb
Size/MD5 checksum: 902906 5663d793c2e43f56e738ce0620d0bce7

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_armel.deb
Size/MD5 checksum: 208822 0ffd433e89a8928dfa0fa36f58aa1746
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_armel.deb
Size/MD5 checksum: 904292 d8a2bc69b5cc37892bffbf18a4aa427c
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_armel.deb
Size/MD5 checksum: 208570 a8e9ca088cad9fce79345e2593c5dbdf
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_armel.deb
Size/MD5 checksum: 923260 1dc3bb027b59487d03dc212ab9d94601
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_armel.deb
Size/MD5 checksum: 1151348 acf8d31cfe84538543e80eef3edac651
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_armel.deb
Size/MD5 checksum: 224330 8ab970c56f2d040857e5c4c1a891dcf5

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_hppa.deb
Size/MD5 checksum: 940864 900dee76bb3f4b7a4bcb0d2b1724cc5b
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_hppa.deb
Size/MD5 checksum: 244712 f0502b102e1affd605fd09ed838af457
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_hppa.deb
Size/MD5 checksum: 227478 548089381ebef170db7fea380e0218a3
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_hppa.deb
Size/MD5 checksum: 209918 7a588b6764b86a1320b075021a0b57d8
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_hppa.deb
Size/MD5 checksum: 1172950 12169fff82d48d9ffc7670830957c08b
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_hppa.deb
Size/MD5 checksum: 962556 551792e71ee9b05e674ce445fdd284e0

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_i386.deb
Size/MD5 checksum: 208244 446a57e6e2e44873d5decb53664487ee
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_i386.deb
Size/MD5 checksum: 210572 edf24dcdf578372ed56b4b50253d8efd
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_i386.deb
Size/MD5 checksum: 904232 97c8a920da06151ddace76362d93c5bf
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_i386.deb
Size/MD5 checksum: 923418 15eb587c5e4e9d03f04cb34b41ba1f02
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_i386.deb
Size/MD5 checksum: 1154454 8f6660dcfaaaba68875fc205181bc466
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_i386.deb
Size/MD5 checksum: 227828 bb3491d196d2e789259743a6e636764a

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_ia64.deb
Size/MD5 checksum: 274160 f7aed9260c1bb7bcaf1031de11ca67af
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_ia64.deb
Size/MD5 checksum: 222404 2afd1910d1015b8bf77da9a52df166c6
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_ia64.deb
Size/MD5 checksum: 296446 ea8127f4f7a2ff76be325403c60c0c1f
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_ia64.deb
Size/MD5 checksum: 1165656 999913cc8b0d1af5c523cb3079851520
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_ia64.deb
Size/MD5 checksum: 1019536 337eec609d599e65e113ac7eee4ca0c9
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_ia64.deb
Size/MD5 checksum: 991486 8938c59866ae526410491a780927e9d8

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_mips.deb
Size/MD5 checksum: 1193466 4f562e89f5addb2a719d97a21166895c
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_mips.deb
Size/MD5 checksum: 209006 e1942befe7ed6513b65a3070637e1812
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_mips.deb
Size/MD5 checksum: 212766 f94bfe38e257dd9e777d4c9c620bf99d
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_mips.deb
Size/MD5 checksum: 228068 5b655491c80b0c2bddfbe5d1330b00a6
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_mips.deb
Size/MD5 checksum: 929280 5305e40142bc720d1e5458207afc2499
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_mips.deb
Size/MD5 checksum: 950506 caccbcba6e90e2a14f7fcffc06216317

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_powerpc.deb
Size/MD5 checksum: 212814 6f1b0a867b49907b4bcc2037766663e3
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_powerpc.deb
Size/MD5 checksum: 1180056 a8bb69a4b644d401d314c80987f3dfb3
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_powerpc.deb
Size/MD5 checksum: 922336 f7534e6adb555e469f5dd649708aa36b
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_powerpc.deb
Size/MD5 checksum: 222738 953b67dcacfe19ef23ed49a98bca2c01
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_powerpc.deb
Size/MD5 checksum: 941174 0317b87d2054f2be24b86e77c85770be
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_powerpc.deb
Size/MD5 checksum: 238364 a250c70bd11ee88e92ac9ede3761fa38


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqMbP4ACgkQHYflSXNkfP/xgQCgql3Z84Y/TXcKjwbLq7v8HZzb
NyMAn3UcjfScBR+hvDtPivdn3kqIrvvX
=brFW
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1869_1_new_curl_packages_fix_ssl_certificate_verification_weakness.html)