[Git][security-tracker-team/security-tracker][master] Track fixed version for curl issues via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 10 06:50:15 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e7c3b270 by Salvatore Bonaccorso at 2025-02-10T07:49:07+01:00
Track fixed version for curl issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -707,20 +707,20 @@ CVE-2023-52924 (In the Linux kernel, the following vulnerability has been resolv
 	[bullseye] - linux 5.10.205-1
 	NOTE: https://git.kernel.org/linus/24138933b97b055d486e8064b4a1721702442a9b (6.5-rc6)
 CVE-2025-0167 (When asked to use a `.netrc` file for credentials **and** to follow HT ...)
-	- curl <unfixed>
+	- curl 8.12.0+git20250209.89ed161+ds-1
 	[bullseye] - curl <not-affected> (Vulnerable code introduced later)
 	NOTE: https://curl.se/docs/CVE-2025-0167.html
 	NOTE: Introduced with: https://github.com/curl/curl/commit/46620b97431e19c53ce82e55055c85830f088cf4 (curl-7_76_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/0e120c5b925e8ca75d5319e319e5ce4b8080d8eb (curl-8_12_0)
 CVE-2025-0665 (libcurl would wrongly close the same eventfd file descriptor twice whe ...)
-	- curl <unfixed>
+	- curl 8.12.0+git20250209.89ed161+ds-1
 	[bookworm] - curl <not-affected> (Vulnerable code not present)
 	[bullseye] - curl <not-affected> (Vulnerable code not present)
 	NOTE: https://curl.se/docs/CVE-2025-0665.html
 	NOTE: Introduced with: https://github.com/curl/curl/commit/92124838c6b7e09e3f35ff84e1eb63cf0105c9b5 (curl-8_11_1)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2 (curl-8_12_0)
 CVE-2025-0725 (When libcurl is asked to perform automatic gzip decompression of conte ...)
-	- curl <unfixed> (unimportant)
+	- curl 8.12.0+git20250209.89ed161+ds-1 (unimportant)
 	NOTE: https://curl.se/docs/CVE-2025-0725.html
 	NOTE: Introduced with: https://github.com/curl/curl/commit/019c4088cfcca0d2b7c5cc4f52ca5dac0c616089 (curl-7_10_5)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7fe141010077eb88 (curl-8_12_0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7c3b270857d2b72cf9dc2661b6a04c883847695

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7c3b270857d2b72cf9dc2661b6a04c883847695
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250210/0aa7d683/attachment.htm>

More information about the debian-security-tracker-commits mailing list