CLSA-2026-1773316090 Fix CVE(s): CVE-2025-14524, CVE-2025-15079
SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect - debian/patches/CVE-2025-14524.patch: do not use bearer when following redirect unless allowauthtootherhosts is set - CVE-2025-14524 SECURITY UPDATE: libssh global knownhosts override - debian/patches/CVE-2025-15079.patch: set...