Publishing details

Changelog

curl (7.74.0-1ubuntu2) hirsute; urgency=medium

  * SECURITY UPDATE: data leak via referer header field
    - debian/patches/CVE-2021-22876.patch: strip credentials from the
      auto-referer header field in lib/transfer.c.
    - CVE-2021-22876
  * SECURITY UPDATE: TLS 1.3 session ticket proxy host mixup
    - debian/patches/CVE-2021-22890.patch: make sure we set and extract the
      correct session in lib/vtls/*.
    - CVE-2021-22890

 -- Marc Deslauriers <email address hidden>  Tue, 06 Apr 2021 08:43:24 -0400

Available diffs

Builds

Package files