[Git][security-tracker-team/security-tracker][master] lts: triage curl CVEs
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Wed Sep 10 15:09:13 BST 2025
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42270606 by Emilio Pozuelo Monfort at 2025-09-10T16:09:03+02:00
lts: triage curl CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20,6 +20,7 @@ CVE-2025-9086 [Out of bounds read for cookie path]
- curl 8.16.0~rc2-1
[trixie] - curl <no-dsa> (Minor issue)
[bookworm] - curl <no-dsa> (Minor issue)
+ [bullseye] - curl <postponed> (Minor issue)
NOTE: https://curl.se/docs/CVE-2025-9086.html
NOTE: Introduced with: https://github.com/curl/curl/commit/f24dc09d209a2f91ca38d854f0c15ad93f3d7e2d (curl-7_31_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb62b45dd37711300 (rc-8_16_0-1)
@@ -27,6 +28,7 @@ CVE-2025-10148 [predictable WebSocket mask]
- curl <unfixed>
[trixie] - curl <no-dsa> (Minor issue)
[bookworm] - curl <ignored> (Minor issue; WebSocket support considered experimental feature, only enabled in builds since 8.8.0-2)
+ [bullseye] - curl <not-affected> (WebSocket support introduced later)
NOTE: https://curl.se/docs/CVE-2025-10148.html
NOTE: Fixed by: https://github.com/curl/curl/commit/84db7a9eae8468c0445b15aa806fa7fa806fa0f2 (curl-8_16_0)
CVE-2025-9994 (The Amp\u2019ed RF BT-AP 111 Bluetooth access point's HTTP admin inter ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42270606275437cb0725cb0c9df487e9135f44a5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42270606275437cb0725cb0c9df487e9135f44a5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250910/cd77e65a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list