| Package | curl |
|---|---|
| Version | 7.52.1-5+deb9u24 (stretch), 7.64.0-4+deb10u12 (buster) |
The fix for CVE-2023-27534 in curl made the handling of tilde (~) way more strict in sftp mode and caused a regression when trying to list the home dir with sftp://host/~.
For Debian 10 buster, these problems have been fixed in version 7.64.0-4+deb10u12.
For Debian 9 stretch, these problems have been fixed in version 7.52.1-5+deb9u24.
We recommend that you upgrade your curl packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.