I see a related fix already on salsa.

From upstream report[1]:

> Affected versions: curl 6.5 to and including 8.11.0
> Not affected versions: curl < 6.5 and >= 8.11.1

The top of changelog on salsa[2]:

> curl (8.11.1-1) UNRELEASED; urgency=medium
>   [ Samuel Henrique ]
>   * New upstream version 8.11.1
>     - Fix CVE-2024-11053: netrc and redirect credential leak (closes:
> #1089682)

Thanks Samuel!

1: https://curl.se/docs/CVE-2024-11053.html
2: 
https://salsa.debian.org/debian/curl/-/blob/debian/unstable/debian/changelog?ref_type=heads

-Marco

Reply via email to