ELA-284-1 curl security update
ELA-284-1 curl security update
Package curl
Version 7.38.0-4+deb8u18
Related CVEs CVE-2020-8231
An issue has been found in curl, a command line tool for transferring data with URL syntax. In rare circumstances, when using the multi API of curl in combination with CURLOPT_CONNECT_ONLY, the wrong connection might be used when transfering data later.
For Debian 8 jessie, these problems have been fixed in version 7.38.0-4+deb8u18.
We recommend that you upgrade your curl packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
A curl security update has been released for Debian GNU/Linux 10 to address a rare issue when using the multi API of curl in combination with CURLOPT_CONNECT_ONLY.