Debian Linux Security Advisory 5587-1 - Two security issues were discovered in Curl: Cookies were incorrectly validated against the public suffix list of domains and in same cases HSTS data could fail to save to disk.
ee8b5da3ccedc4ad611c77989a7b82094859da7f9354c5d153f42704a855a11a
Ubuntu Security Notice 6535-1 - Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains. Maksymilian Arciemowicz discovered that curl incorrectly handled long file names when saving HSTS data. This could result in curl losing HSTS data, and subsequent requests to a site would be done without it, contrary to expectations. This issue only affected Ubuntu 23.04 and Ubuntu 23.10.
ca215c083aa04234eeac9747474bc5e11097cdc295d4a17e21b08c44522bcfd5