Bug#1098725: bookworm-pu: package curl/7.88.1-10+deb12u11
Control: tags -1 + confirmed
On Sun, 2025-02-23 at 13:17 +0100, Dr. Tobias Quathamer wrote:
> This update fixes CVE-2025-0167.
>
> [ Impact ]
> When asked to use a .netrc file for credentials and to follow HTTP
> redirects, curl could leak the password used for the first host to
> the followed-to host under certain circumstances. This flaw only
> manifests itself if the netrc file has a default entry that omits
> both login and password.
Please go ahead.
Regards,
Adam
Reply to: