Bug#1098725: bookworm-pu: package curl/7.88.1-10+deb12u11

To: "Dr. Tobias Quathamer" <toddy@debian.org>, 1098725@bugs.debian.org
Subject: Bug#1098725: bookworm-pu: package curl/7.88.1-10+deb12u11
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 07 Mar 2025 15:41:30 +0000
Message-id: <[🔎] 7aff384ab0c341d8f82465f22f831f3de6b6ae84.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1098725@bugs.debian.org
In-reply-to: <ea1da456-4adb-4b92-83bc-ff984a76cfa5@debian.org>
References: <ea1da456-4adb-4b92-83bc-ff984a76cfa5@debian.org> <ea1da456-4adb-4b92-83bc-ff984a76cfa5@debian.org>

Control: tags -1 + confirmed

On Sun, 2025-02-23 at 13:17 +0100, Dr. Tobias Quathamer wrote:
> This update fixes CVE-2025-0167.
> 
> [ Impact ]
> When asked to use a .netrc file for credentials and to follow HTTP
> redirects, curl could leak the password used for the first host to
> the followed-to host under certain circumstances. This flaw only
> manifests  itself if the netrc file has a default entry that omits
> both login and  password.

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Processed: Re: Bug#1098725: bookworm-pu: package curl/7.88.1-10+deb12u11
Next by Date: Bug#1099428: bookworm-pu: package wget/1.21.3-1+deb12u1
Previous by thread: Processed: Re: Bug#1098397: bookworm-pu: package curl/7.88.1-10+deb12u10
Next by thread: Processed: Re: Bug#1098725: bookworm-pu: package curl/7.88.1-10+deb12u11
Index(es):
- Date
- Thread