[Git][security-tracker-team/security-tracker][master] Add new curl issue (CVE-2025-5399)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 4 06:52:55 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c019d3bc by Salvatore Bonaccorso at 2025-06-04T07:52:30+02:00
Add new curl issue (CVE-2025-5399)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,10 @@
+CVE-2025-5399 [WebSocket endless loop]
+ - curl <unfixed>
+ [bookworm] - curl <not-affected> (Vulnerable code not present)
+ [bullseye] - curl <not-affected> (Vulnerable code not present)
+ NOTE: https://curl.se/docs/CVE-2025-5399.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/3588df9478d7c27046b34cdb510728a26bedabc7 (curl-8_13_0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/d1145df24de8f80e6b167fbc4f28b86bcd0c6832 (curl-8_14_1)
CVE-2025-5525 (A vulnerability was found in Jrohy trojan up to 2.15.3. It has been de ...)
NOT-FOR-US: Jrohy trojan
CVE-2025-5523 (A vulnerability classified as problematic has been found in enilu web- ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c019d3bc5411766bd2c9ae0e77f2df79c617b3a6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c019d3bc5411766bd2c9ae0e77f2df79c617b3a6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250604/a9ce612a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list