1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1098725: bookworm-pu: package curl/7.88.1-10+deb12u11

    From Adam D. Barratt@21:1/5 to Dr. Tobias Quathamer on Fri Mar 7 16:50:01 2025
    XPost: linux.debian.devel.release

    Control: tags -1 + confirmed

    On Sun, 2025-02-23 at 13:17 +0100, Dr. Tobias Quathamer wrote:
    This update fixes CVE-2025-0167.

    [ Impact ]
    When asked to use a .netrc file for credentials and to follow HTTP
    redirects, curl could leak the password used for the first host to
    the followed-to host under certain circumstances. This flaw only
    manifests itself if the netrc file has a default entry that omits
    both login and password.

    Please go ahead.

    Regards,

    Adam

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Adam D Barratt@21:1/5 to All on Sat Mar 8 19:50:02 2025
    XPost: linux.debian.devel.release

    package release.debian.org
    tags 1098725 = bookworm pending
    thanks

    Hi,

    The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

    Thanks for your contribution!

    Upload details
    ==============

    Package: curl
    Version: 7.88.1-10+deb12u11

    Explanation: fix possible credentials leakage issue [CVE-2025-0167]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Adam D Barratt@21:1/5 to All on Sun Mar 9 13:50:02 2025
    XPost: linux.debian.devel.release

    package release.debian.org
    tags 1098725 = bookworm pending
    thanks

    Hi,

    The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

    Thanks for your contribution!

    Upload details
    ==============

    Package: curl
    Version: 7.88.1-10+deb12u12

    Explanation: fix test failures due to port clashes

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)