| Package | curl |
|---|---|
| Version | 7.38.0-4+deb8u17 |
| Related CVEs | CVE-2020-8177 |
A vulnerability was found in curl, a command line tool for transferring data with URL syntax.
When using when using -J (–remote-header-name) and -i (–include) in the same command line, a malicious server could force curl to overwrite the contents of local files with incoming HTTP headers.
For Debian 8 jessie, these problems have been fixed in version 7.38.0-4+deb8u17.
We recommend that you upgrade your curl packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.