I see a related fix already on salsa. From upstream report[1]:
> Affected versions: curl 6.5 to and including 8.11.0 > Not affected versions: curl < 6.5 and >= 8.11.1 The top of changelog on salsa[2]: > curl (8.11.1-1) UNRELEASED; urgency=medium > [ Samuel Henrique ] > * New upstream version 8.11.1 > - Fix CVE-2024-11053: netrc and redirect credential leak (closes: > #1089682) Thanks Samuel! 1: https://curl.se/docs/CVE-2024-11053.html 2: https://salsa.debian.org/debian/curl/-/blob/debian/unstable/debian/changelog?ref_type=heads -Marco