Debian 10230 Published by

Updated curl packages has been released for Debian GNU/Linux 7 LTS



Package : curl
Version : 7.26.0-1+wheezy21
CVE ID : CVE-2017-1000254
Debian Bug : #877671

It was discovered that there was a out-of-bounds read vulnerability in
curl, a command-line and library for transferring data over HTTP/FTP,
etc. A malicious FTP server could abuse this to prevent curl-based
clients from interacting with it.

See https://curl.haxx.se/docs/adv_20171004.html for more details.

For Debian 7 "Wheezy", this issue has been fixed in curl version
7.26.0-1+wheezy21.

We recommend that you upgrade your curl packages.