Control: tags -1 + confirmed On Sun, 2025-02-23 at 13:17 +0100, Dr. Tobias Quathamer wrote: > This update fixes CVE-2025-0167. > > [ Impact ] > When asked to use a .netrc file for credentials and to follow HTTP > redirects, curl could leak the password used for the first host to > the followed-to host under certain circumstances. This flaw only > manifests itself if the netrc file has a default entry that omits > both login and password.
Please go ahead. Regards, Adam
