Security update for curl
This update for curl fixes the following issues:
- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious
server to overwrite a local file when using the -J option (bsc#1173027).
- CVE-2020-8169: Fixed an issue where could have led to partial password leak
over DNS on HTTP redirect (bsc#1173026).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
-
Submitted by
Pedro Monreal Gonzalez (pmonrealgonzalez)
Fixed bugs
bnc#1173026
VUL-0: EMBARGOED: CVE-2020-8169: curl: Partial password leak over DNS on HTTP redirect
bnc#1173027
VUL-0: EMBARGOED: CVE-2020-8177: curl: overwrites local files when using -J (--remote-header-name)
