CVE-2025-0665

libcurl would wrongly close the same eventfd file descriptor twice when takingdown a connection channel after having completed a threaded name resolve.

CVE-2025-0167

When asked to use a .netrc file for credentials and to follow HTTPredirects, curl could leak the password used for the first host to thefollowed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry thatomits both login and password. A rare circu...