[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1098725: Bug#1098397: bookworm-pu: package curl/7.88.1-10+deb12u10



On Wed, 2025-02-19 at 21:57 -0300, Matheus Polkorny wrote:
> The reason is to fix CVE-2024-11053 [1], when both a `.netrc` file
> for credentials and HTTP redirects are used, curl could leak the
> password from the first host to the redirect target in certain cases.

I'm not sure if either of the sets of changes for these bugs caused the
issue, but the new curl upload FTBFS for both the arch:all and amd64
builds, with test failures:

TESTFAIL: These test cases failed: 320 324 

This is quite reproducible - so far 3 times on "all" and 2 on amd64.

Regards,

Adam


Reply to: