Ubuntu Security Notice 4903-1 - Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information.
02c8361a95e70f06ae715eb14ee9a526a590f4cc220b11e1c03c911317a1febf