A vulnerability in the versions of curl used in VL 5.9, VL 5.9.1 and VL 6.0 can allow files to be redirected in an inappropriate way. For details see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
New packages close this vulnerability.UPDATE:
New curl packages for VL 5.9, VL 5.9.1 and VL 6.0 are now available in the testing repository. They will be moved to patches once we have had adequate user testing.