-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2009.1205
        New curl packages fix SSL certificate verification weakness
                              20 August 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           curl
Publisher:         Debian
Operating System:  Debian GNU/Linux 5
                   Debian GNU/Linux 4
Impact/Access:     Provide Misleading Information -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2009-2417  

Reference:         ESB-2009.1186

Original Bulletin: 
   http://www.debian.org/security/2009/dsa-1869

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA-1869-1                    security@debian.org
http://www.debian.org/security/                                 Nico Golde
August 19th, 2009                       http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : curl
Vulnerability  : insufficient input validation
Problem type   : remote
Debian-specific: no
Debian bug     : 541991
CVE ID         : CVE-2009-2417

It was discovered that curl, a client and library to get files from servers
using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against
SSL/TLS Certificates" recently published at the Blackhat conference.  This
allows an attacker to perform undetected man-in-the-middle attacks via a
crafted ITU-T X.509 certificate with an injected null byte in the Common
Name field.


For the oldstable distribution (etch), this problem has been fixed in
version 7.15.5-1etch3.

For the stable distribution (lenny), this problem has been fixed in
version 7.18.2-8lenny3.

For the testing (squeeze) and unstable (sid) distribution, this problem
will be fixed soon.


We recommend that you upgrade your curl packages.

Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

Debian (oldstable)
- - ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3.diff.gz
    Size/MD5 checksum:    20848 22dce2fb112906acd2e76df82944f142
  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5.orig.tar.gz
    Size/MD5 checksum:  1897973 61997c0d852d38c3a85b445f4fc02892
  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3.dsc
    Size/MD5 checksum:      956 4f03313c10cd1ec65210f1100a131e9f

Architecture independent packages:

  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.15.5-1etch3_all.deb
    Size/MD5 checksum:    22324 7619264c8f7e53dc59a7e69230c676b5

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_alpha.deb
    Size/MD5 checksum:   823424 d3d084cf7ccddfebd627de8609850096
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_alpha.deb
    Size/MD5 checksum:   816330 6fb28fafc75898049bd7226e60a28c7e
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_alpha.deb
    Size/MD5 checksum:   182050 936d5870de61974aef21011a2da57747
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_alpha.deb
    Size/MD5 checksum:   811900 daa9077f99711ca6d575e90fe004d632
  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_alpha.deb
    Size/MD5 checksum:   166818 6ba797a423a742377851db81da0489cb
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_alpha.deb
    Size/MD5 checksum:   175416 bd25fa6d94404424ae1357cf48041707

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_amd64.deb
    Size/MD5 checksum:   163976 1c79712071486c997e73fd35a4eb0336
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_amd64.deb
    Size/MD5 checksum:   778648 e153b2bd7dce8074f567ed33e1ef216c
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_amd64.deb
    Size/MD5 checksum:   824510 3492a7bd3567e3e67aff98be386f3a7a
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_amd64.deb
    Size/MD5 checksum:   771278 09f1f1c8c5bf1131f283489eb19bea86
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_amd64.deb
    Size/MD5 checksum:   171372 eadeb465edb9926433190a908690b826
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_amd64.deb
    Size/MD5 checksum:   165714 13e4041382c7e0020ce5b8899aea849e

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_arm.deb
    Size/MD5 checksum:   783540 57a19c0995e99f1e3772c6580666e6b4
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_arm.deb
    Size/MD5 checksum:   757016 f79f0930f7d10e6e4c3429be15985bb6
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_arm.deb
    Size/MD5 checksum:   160382 b3564444217dac4e915942b31d9b350b
  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_arm.deb
    Size/MD5 checksum:   162466 efde9a4c89e98d95caf65f5c022565f8
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_arm.deb
    Size/MD5 checksum:   761008 999d5239e559ac6eaab2d57f4f775564
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_arm.deb
    Size/MD5 checksum:   166120 4e49cb3a1fb7fe0ffb76cd229b2540fb

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_hppa.deb
    Size/MD5 checksum:   179010 7cc2d6c3a74e16c5ca43255a6da8eb15
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_hppa.deb
    Size/MD5 checksum:   791294 a85d121cb7b254bd56a2c327eb17ea8a
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_hppa.deb
    Size/MD5 checksum:   815272 279b123045458876f7ed6d195dd58086
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_hppa.deb
    Size/MD5 checksum:   798968 226d8db08d0e3ac853c70923ec7ea1af
  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_hppa.deb
    Size/MD5 checksum:   164958 64da95e6a6b8fbde6fd2c8a0258f0052
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_hppa.deb
    Size/MD5 checksum:   184480 2e27e166f23fe0741e5d46be793c7312

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_i386.deb
    Size/MD5 checksum:   168954 6a18507725024ae8b602639cdf22f9f9
  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_i386.deb
    Size/MD5 checksum:   163372 05652e67be411d965be06bd0fb6333a0
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_i386.deb
    Size/MD5 checksum:   800504 b5b06f0f0141f6090deace3c98b332b9
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_i386.deb
    Size/MD5 checksum:   760600 c985101fe699ee6130de8d9cffbee52a
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_i386.deb
    Size/MD5 checksum:   765500 dcd4999220526ec92d170e7c9145ba64
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_i386.deb
    Size/MD5 checksum:   163746 beaba367b895027d01adda2d6a1e561e

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_ia64.deb
    Size/MD5 checksum:   225602 6c46969a4bbbc93b6aab3d6769c552a4
  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_ia64.deb
    Size/MD5 checksum:   174560 a69c57fb5038b1826fc1cde0318c504d
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_ia64.deb
    Size/MD5 checksum:   217580 46c94cb97734f1ab01ed0542e50a7498
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_ia64.deb
    Size/MD5 checksum:   811436 5db044e29d8c13b3d43758ce1f82262a
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_ia64.deb
    Size/MD5 checksum:   848804 f8a0ffe4889cf51523fb90bfe95a015e
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_ia64.deb
    Size/MD5 checksum:   838664 8d5a2b31ddeff034e5a193e6906c6254

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_mips.deb
    Size/MD5 checksum:   164100 737602a69c911b74f458634ac329e890
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_mips.deb
    Size/MD5 checksum:   170830 21cb901bc35ffa6f862ca2e875668a26
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_mips.deb
    Size/MD5 checksum:   832060 586cbf7c31f7ee8cd29c6fbc62a1bf89
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_mips.deb
    Size/MD5 checksum:   165546 d2c0a66e04f4c2cfeadfc743c18f8a4e
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_mips.deb
    Size/MD5 checksum:   784408 74c93f4364c6c79a13f05e23b20e6d1d
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_mips.deb
    Size/MD5 checksum:   792646 c4bd36c3e0d5bc3fbed3dc51aec74575

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_powerpc.deb
    Size/MD5 checksum:   174016 120d54122ce0e08a02d4e7bb58df6c6d
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_powerpc.deb
    Size/MD5 checksum:   169194 1ec08ce0b5953f4f616c806d277181d6
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_powerpc.deb
    Size/MD5 checksum:   782110 256f3711a3b539090fb90cc0a41bd442
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_powerpc.deb
    Size/MD5 checksum:   774550 bccb71df51ee6094481d2306195d4c8e
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_powerpc.deb
    Size/MD5 checksum:   841688 55278bb1658854776a61f77f4b1bcb45
  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_powerpc.deb
    Size/MD5 checksum:   165210 e1be7594ccc9c1645037c15cf859c4be

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_s390.deb
    Size/MD5 checksum:   768990 98a1d01a53f70c249455e3a849c8a456
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_s390.deb
    Size/MD5 checksum:   774796 c69f7c13fdd37b205642e3f45aa87c88
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_s390.deb
    Size/MD5 checksum:   172518 fee87f8f98a4c1d3609fa49c9e888cc5
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_s390.deb
    Size/MD5 checksum:   836542 84b0d2e1492e6b4d696270006f4dbb3b
  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_s390.deb
    Size/MD5 checksum:   163254 bb54f021831d1dd072b2d8919d1b2576
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_s390.deb
    Size/MD5 checksum:   180012 74af01e85e55561d55c5a4087e678b3d


Debian GNU/Linux 5.0 alias lenny
- - --------------------------------

Debian (stable)
- - ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3.dsc
    Size/MD5 checksum:     1418 3e5ef96b6eb6a82f64e1cf64e1875993
  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3.diff.gz
    Size/MD5 checksum:    28454 487521b6a73326007edf8fc4c9d78237
  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2.orig.tar.gz
    Size/MD5 checksum:  2273077 4fe99398a64a34613c9db7bd61bf6e3c

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_alpha.deb
    Size/MD5 checksum:  1149980 caa24a91a4e242c19ac7120f8cbb9564
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_alpha.deb
    Size/MD5 checksum:   241738 1b653885409694b6b2f6d5ecea40a714
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_alpha.deb
    Size/MD5 checksum:   957848 bbca6721f53b6fc7f56ae1117fc6df38
  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_alpha.deb
    Size/MD5 checksum:   211312 f73edcebe4b85770d9bd22c7f2ee3cc6
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_alpha.deb
    Size/MD5 checksum:   224490 5d9996b620874c158c7720fe2b5e2e2f
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_alpha.deb
    Size/MD5 checksum:   986084 56f1c9c3ecca95f1d497a13f182111be

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_amd64.deb
    Size/MD5 checksum:   951970 1c49faf2e628f2c336be48beb5188afa
  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_amd64.deb
    Size/MD5 checksum:   209390 ca551875a2c6b5da345a975026fab4bb
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_amd64.deb
    Size/MD5 checksum:  1180282 678d1e653eeb162ca227ff3c2edf8bc1
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_amd64.deb
    Size/MD5 checksum:   231304 4388ed20c067994e775435a981afc5e4
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_amd64.deb
    Size/MD5 checksum:   214794 4bfea4f769972eada3bf7a28871351a9
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_amd64.deb
    Size/MD5 checksum:   931502 6e677616ca0e25dd94e710380ed99082

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_arm.deb
    Size/MD5 checksum:   922154 d1219a545fbab4fdbb674a92c2088e4c
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_arm.deb
    Size/MD5 checksum:   208170 f5950a599590ac20776393c106e22fbb
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_arm.deb
    Size/MD5 checksum:   222706 6b094a26e6dd849761655fc990fc4b74
  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_arm.deb
    Size/MD5 checksum:   207336 f43cb3b645344bf02f5b533a97a96e54
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_arm.deb
    Size/MD5 checksum:  1146160 46a0413f121d5bd2fbae5caf19f12015
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_arm.deb
    Size/MD5 checksum:   902906 5663d793c2e43f56e738ce0620d0bce7

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_armel.deb
    Size/MD5 checksum:   208822 0ffd433e89a8928dfa0fa36f58aa1746
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_armel.deb
    Size/MD5 checksum:   904292 d8a2bc69b5cc37892bffbf18a4aa427c
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_armel.deb
    Size/MD5 checksum:   208570 a8e9ca088cad9fce79345e2593c5dbdf
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_armel.deb
    Size/MD5 checksum:   923260 1dc3bb027b59487d03dc212ab9d94601
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_armel.deb
    Size/MD5 checksum:  1151348 acf8d31cfe84538543e80eef3edac651
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_armel.deb
    Size/MD5 checksum:   224330 8ab970c56f2d040857e5c4c1a891dcf5

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_hppa.deb
    Size/MD5 checksum:   940864 900dee76bb3f4b7a4bcb0d2b1724cc5b
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_hppa.deb
    Size/MD5 checksum:   244712 f0502b102e1affd605fd09ed838af457
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_hppa.deb
    Size/MD5 checksum:   227478 548089381ebef170db7fea380e0218a3
  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_hppa.deb
    Size/MD5 checksum:   209918 7a588b6764b86a1320b075021a0b57d8
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_hppa.deb
    Size/MD5 checksum:  1172950 12169fff82d48d9ffc7670830957c08b
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_hppa.deb
    Size/MD5 checksum:   962556 551792e71ee9b05e674ce445fdd284e0

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_i386.deb
    Size/MD5 checksum:   208244 446a57e6e2e44873d5decb53664487ee
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_i386.deb
    Size/MD5 checksum:   210572 edf24dcdf578372ed56b4b50253d8efd
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_i386.deb
    Size/MD5 checksum:   904232 97c8a920da06151ddace76362d93c5bf
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_i386.deb
    Size/MD5 checksum:   923418 15eb587c5e4e9d03f04cb34b41ba1f02
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_i386.deb
    Size/MD5 checksum:  1154454 8f6660dcfaaaba68875fc205181bc466
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_i386.deb
    Size/MD5 checksum:   227828 bb3491d196d2e789259743a6e636764a

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_ia64.deb
    Size/MD5 checksum:   274160 f7aed9260c1bb7bcaf1031de11ca67af
  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_ia64.deb
    Size/MD5 checksum:   222404 2afd1910d1015b8bf77da9a52df166c6
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_ia64.deb
    Size/MD5 checksum:   296446 ea8127f4f7a2ff76be325403c60c0c1f
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_ia64.deb
    Size/MD5 checksum:  1165656 999913cc8b0d1af5c523cb3079851520
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_ia64.deb
    Size/MD5 checksum:  1019536 337eec609d599e65e113ac7eee4ca0c9
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_ia64.deb
    Size/MD5 checksum:   991486 8938c59866ae526410491a780927e9d8

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_mips.deb
    Size/MD5 checksum:  1193466 4f562e89f5addb2a719d97a21166895c
  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_mips.deb
    Size/MD5 checksum:   209006 e1942befe7ed6513b65a3070637e1812
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_mips.deb
    Size/MD5 checksum:   212766 f94bfe38e257dd9e777d4c9c620bf99d
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_mips.deb
    Size/MD5 checksum:   228068 5b655491c80b0c2bddfbe5d1330b00a6
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_mips.deb
    Size/MD5 checksum:   929280 5305e40142bc720d1e5458207afc2499
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_mips.deb
    Size/MD5 checksum:   950506 caccbcba6e90e2a14f7fcffc06216317

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_powerpc.deb
    Size/MD5 checksum:   212814 6f1b0a867b49907b4bcc2037766663e3
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_powerpc.deb
    Size/MD5 checksum:  1180056 a8bb69a4b644d401d314c80987f3dfb3
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_powerpc.deb
    Size/MD5 checksum:   922336 f7534e6adb555e469f5dd649708aa36b
  http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_powerpc.deb
    Size/MD5 checksum:   222738 953b67dcacfe19ef23ed49a98bca2c01
  http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_powerpc.deb
    Size/MD5 checksum:   941174 0317b87d2054f2be24b86e77c85770be
  http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_powerpc.deb
    Size/MD5 checksum:   238364 a250c70bd11ee88e92ac9ede3761fa38


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqMbP4ACgkQHYflSXNkfP/xgQCgql3Z84Y/TXcKjwbLq7v8HZzb
NyMAn3UcjfScBR+hvDtPivdn3kqIrvvX
=brFW
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://www.auscert.org.au/1967

iD8DBQFKjJr/NVH5XJJInbgRAmzgAJwJ3eZ6yUOf4N8fTgYn9q2qoAE/tACbB5/s
W1EuG7WoOSzjHdKn1/Z81Z4=
=XSdQ
-----END PGP SIGNATURE-----