Bug#1098397: bookworm-pu: package curl/7.88.1-10+deb12u10

To: Matheus Polkorny <mpolkorny@gmail.com>, 1098397@bugs.debian.org
Subject: Bug#1098397: bookworm-pu: package curl/7.88.1-10+deb12u10
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 07 Mar 2025 15:39:48 +0000
Message-id: <[🔎] 8b1d7adb580ebcd6ebb470de454dca93f2a6fbe6.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1098397@bugs.debian.org
In-reply-to: <174001305398.841844.10335542488929474374.reportbug@polkorny>
References: <174001305398.841844.10335542488929474374.reportbug@polkorny> <174001305398.841844.10335542488929474374.reportbug@polkorny>

Control: tags -1 + confirmed

On Wed, 2025-02-19 at 21:57 -0300, Matheus Polkorny wrote:
> The reason is to fix CVE-2024-11053 [1], when both a `.netrc` file
> for credentials and HTTP redirects are used, curl could leak the
> password from the first host to the redirect target in certain cases.

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Processed: Re: Bug#1098397: bookworm-pu: package curl/7.88.1-10+deb12u10
Next by Date: Processed: Re: Bug#1098725: bookworm-pu: package curl/7.88.1-10+deb12u11
Previous by thread: Processed: Re: Bug#1098308: bookworm-pu: package node-js-sdsl/4.1.4-2+deb12u1
Next by thread: Processed: Re: Bug#1098397: bookworm-pu: package curl/7.88.1-10+deb12u10
Index(es):
- Date
- Thread