USN-4903-1: curl vulnerability

Viktor Szakats discovered that curl did not strip off user credentials
from referrer header fields. A remote attacker could possibly use this
issue to obtain sensitive information.