[arch-security] [ASA-201602-4] lib32-curl: authentication bypass