[Git][security-tracker-team/security-tracker][master] Track fixed version for curl issues via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 10 06:50:15 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e7c3b270 by Salvatore Bonaccorso at 2025-02-10T07:49:07+01:00
Track fixed version for curl issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -707,20 +707,20 @@ CVE-2023-52924 (In the Linux kernel, the following vulnerability has been resolv
[bullseye] - linux 5.10.205-1
NOTE: https://git.kernel.org/linus/24138933b97b055d486e8064b4a1721702442a9b (6.5-rc6)
CVE-2025-0167 (When asked to use a `.netrc` file for credentials **and** to follow HT ...)
- - curl <unfixed>
+ - curl 8.12.0+git20250209.89ed161+ds-1
[bullseye] - curl <not-affected> (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2025-0167.html
NOTE: Introduced with: https://github.com/curl/curl/commit/46620b97431e19c53ce82e55055c85830f088cf4 (curl-7_76_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/0e120c5b925e8ca75d5319e319e5ce4b8080d8eb (curl-8_12_0)
CVE-2025-0665 (libcurl would wrongly close the same eventfd file descriptor twice whe ...)
- - curl <unfixed>
+ - curl 8.12.0+git20250209.89ed161+ds-1
[bookworm] - curl <not-affected> (Vulnerable code not present)
[bullseye] - curl <not-affected> (Vulnerable code not present)
NOTE: https://curl.se/docs/CVE-2025-0665.html
NOTE: Introduced with: https://github.com/curl/curl/commit/92124838c6b7e09e3f35ff84e1eb63cf0105c9b5 (curl-8_11_1)
NOTE: Fixed by: https://github.com/curl/curl/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2 (curl-8_12_0)
CVE-2025-0725 (When libcurl is asked to perform automatic gzip decompression of conte ...)
- - curl <unfixed> (unimportant)
+ - curl 8.12.0+git20250209.89ed161+ds-1 (unimportant)
NOTE: https://curl.se/docs/CVE-2025-0725.html
NOTE: Introduced with: https://github.com/curl/curl/commit/019c4088cfcca0d2b7c5cc4f52ca5dac0c616089 (curl-7_10_5)
NOTE: Fixed by: https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7fe141010077eb88 (curl-8_12_0)
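Review bot: CVE-2025-0167 now carries a fixed version for unstable and a [bullseye] <not-affected> line, but no [bookworm] line, even though its NOTE places the introducing commit at curl-7_76_0. CVE-2025-0665 directly below states both releases explicitly, so bookworm's status for CVE-2025-0167 is left implicit here; if bookworm has already been triaged, record the decision with its own line under this entry. Separately, the fixed version 8.12.0+git20250209.89ed161+ds-1 is a git snapshot while the three "Fixed by" commits are labelled curl-8_12_0. The version string suggests the snapshot is based on 8.12.0, but a short NOTE stating that the snapshot contains those commits would make the entries easier to audit.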
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7c3b270857d2b72cf9dc2661b6a04c883847695