Debian Security Advisory DSA 2023-1 (curl)

The remote host is missing an update to curl announced via advisory DSA 2023-1.

Wesley Miaw discovered that libcurl, a multi-protocol file transfer library, is prone to a buffer overflow via the callback function when an application relies on libcurl to automatically uncompress data. Note that this only affects applications that trust libcurl's maximum limit for a fixed buffer size and do not perform any sanity checks themselves. For the stable distribution (lenny), this problem has been fixed in version 7.18.2-8lenny4. Due to a problem with the archive software, we are unable to release all architectures simultaneously. Binaries for the hppa, ia64, mips, mipsel and s390 architectures will be provided once they are available. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 7.20.0-1. We recommend that you upgrade your curl packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202023-1