Source: curl Version: 8.11.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 7.88.1-10+deb12u5 Control: found -1 7.88.1-10 Control: found -1 7.74.0-1.3+deb11u14 Control: found -1 7.74.0-1.3
Hi, The following vulnerability was published for curl. CVE-2024-11053[0]: | When asked to both use a `.netrc` file for credentials and to follow | HTTP redirects, curl could leak the password used for the first host | to the followed-to host under certain circumstances. This flaw only | manifests itself if the netrc file has an entry that matches the | redirect target hostname but the entry either omits just the | password or omits both login and password. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-11053 https://www.cve.org/CVERecord?id=CVE-2024-11053 [1] https://curl.se/docs/CVE-2024-11053.html Regards, Salvatore
