Discussion:
Processed: bookworm-pu: package curl/7.88.1-10+deb12u9
Add Reply
Debian Bug Tracking System
2025-01-02 00:30:01 UTC
Reply
Permalink
affects -1 + src:curl
Bug #1091888 [release.debian.org] bookworm-pu: package curl/7.88.1-10+deb12u9
Added indication that 1091888 affects src:curl
--
1091888: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091888
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Salvatore Bonaccorso
2025-01-05 20:10:01 UTC
Reply
Permalink
Hi Samuel,
Package: release.debian.org
Control: affects -1 + src:curl
Usertags: pu
Tags: bookworm
Severity: normal
[ Reason ]
I would like to backport wcurl into stable, wcurl is a script which we ship as
part of the curl package on unstable and testing.
wcurl is a command line tool which lets you download URLs without having to
remember any parameters.
https://samueloph.dev/blog/announcing-wcurl-a-curl-wrapper-to-download-files/
https://curl.se/wcurl/
[ Impact ]
Users need to use wcurl from bookworm-backports or wait until the next stable
release.
[ Tests ]
wcurl has unit testing and is shipped and tested in other OSes.
[ Risks ]
wcurl is a POSIX-compliant shell script with 318 lines of code including
comments.
There's a risk here if the user already installed something at /usr/bin/wcurl,
but if that's the case, it's very likely they manually installed wcurl itself.
[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable
[ Changes ]
Install wcurl and wcurl.1 on the curl package.
[ Other info ]
This is not a bugfix, so I will understand if the release team rejects this. I
wanted to at least create the request as I believe it's a good change for stable
users.
Can you include as well the fix for the no-DSA CVE-2024-9681?

Regards,
Salvatore
Samuel Henrique
2025-01-12 15:00:01 UTC
Reply
Permalink
Hello Salvatore,
Post by Salvatore Bonaccorso
Can you include as well the fix for the no-DSA CVE-2024-9681?
We have another bookworm-pu request for this one:
#1092048
https://bugs.debian.org/1092048

We split the changes to make it easier for the release team to review and avoid
more work in case only the CVE fix is approved.

We will also cut another bookworm-pu for CVE-2024-11053, but I don't have a
timeline for that and so I would like the release team to approve #1091888 and
#1092048 in the meantime.

Thanks,
--
Samuel Henrique <samueloph>
Salvatore Bonaccorso
2025-01-12 15:40:01 UTC
Reply
Permalink
Hi Samuel,
Post by Samuel Henrique
Hello Salvatore,
Post by Salvatore Bonaccorso
Can you include as well the fix for the no-DSA CVE-2024-9681?
#1092048
https://bugs.debian.org/1092048
We split the changes to make it easier for the release team to review and avoid
more work in case only the CVE fix is approved.
We will also cut another bookworm-pu for CVE-2024-11053, but I don't have a
timeline for that and so I would like the release team to approve #1091888 and
#1092048 in the meantime.
Yes I realized afterwards (after writing and sending the mail) that
you aimed to have two requests for this purpose, so all fine.

Thank you!

Regards,
Salvatore
Debian Bug Tracking System
2025-01-17 16:50:01 UTC
Reply
Permalink
Your message dated Fri, 17 Jan 2025 16:41:48 +0000
with message-id <***@powdarrmonkey.net>
and subject line Re: Bug#1091888: bookworm-pu: package curl/7.88.1-10+deb12u9
has caused the Debian Bug report #1091888,
regarding bookworm-pu: package curl/7.88.1-10+deb12u9
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ***@bugs.debian.org
immediately.)
--
1091888: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091888
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Loading...