mirror of
https://git.yoctoproject.org/poky
synced 2026-02-26 19:39:40 +01:00
022d6ec767
When asked to use a `.netrc` file for credentials *and* to
follow HTTP redirects, curl could leak the password used
for the first host to the followed-to host under certain
circumstances.
This flaw only manifests itself if the netrc file has a
`default` entry that omits both login and password. A
rare circumstance.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-0167
Upstream patch:
0e120c5b92
(From OE-Core rev: 7c5aee3066e4c8056d994cd50b26c18a16316c96)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>