[Git][security-tracker-team/security-tracker][master] 2 commits: Reference followup for CVE-2025-11563
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 10 10:22:23 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
038c68a1 by Salvatore Bonaccorso at 2025-11-10T11:22:02+01:00
Reference followup for CVE-2025-11563
- - - - -
73d7b5cd by Salvatore Bonaccorso at 2025-11-10T11:22:03+01:00
Consider CVE-2025-11563/curl fixed only in 8.14.1-2+deb13u2 for trixie
Keeping the other CVE fixes associated with the uploaded
8.14.1-2+deb13u1, which will enter the point release at the same time as
8.14.1-2+deb13u2.
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1320,6 +1320,7 @@ CVE-2025-11563
NOTE: Fixed by: https://github.com/curl/curl/commit/fb0c014e30e5f4de7aa0d566c52c836a6423da29 (rc-8_17_0-3)
NOTE: Included in Debian since 8.8.0-2
NOTE: https://curl.se/docs/CVE-2025-11563.html
+ NOTE: Followup for incomplete fix: https://github.com/curl/wcurl/pull/75
CVE-2025-63293 (FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to ...)
NOT-FOR-US: FairSketch Rise Ultimate Project Manager & CRM
CVE-2025-47370 (Transient DOS when a remote device sends an invalid connection request ...)
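Review bot: The added "Followup for incomplete fix" NOTE under CVE-2025-11563 links a pull request (curl/wcurl/pull/75) without a commit hash or release tag, whereas the "Fixed by" NOTE just above it pins a commit and annotates it with "(rc-8_17_0-3)". A pull request URL does not tell a reader which commit landed or which upstream version first carries the followup, so anyone checking whether a given package version has the complete fix has to dig through the PR. Suggest referencing the merged commit in the same "Fixed by: <commit URL> (<tag>)" style once it is known, and keeping the PR link as a secondary reference if wanted.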
=====================================
data/next-point-update.txt
=====================================
@@ -86,7 +86,7 @@ CVE-2025-11678
CVE-2025-11677
[trixie] - libwebsockets 4.3.5-1+deb13u1
CVE-2025-11563
- [trixie] - curl 8.14.1-2+deb13u1
+ [trixie] - curl 8.14.1-2+deb13u2
CVE-2025-9086
[trixie] - curl 8.14.1-2+deb13u1
CVE-2025-10148
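Review bot: The reason CVE-2025-11563 now points at curl 8.14.1-2+deb13u2 while the neighbouring CVE-2025-9086 entry stays at 8.14.1-2+deb13u1 is stated only in the commit message, not next to the changed line. Someone reading data/next-point-update.txt later sees two curl versions for trixie in the same block with no indication that the split is deliberate, and could "correct" one to match the other. Suggest making sure the link to the incomplete-fix followup is discoverable from this entry, for example by relying on the NOTE added in data/CVE/list and checking that the version carried over into data/CVE/list at point-release time is the +deb13u2 one for this CVE only.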
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/59be9f8ebbdf9602b92964a6ac0a42dbc3994f91...73d7b5cd18f61c818482c640837da79ad0bb6dde