[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-13034/curl

Wed Jan 7 07:39:39 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
593db3cf by Salvatore Bonaccorso at 2026-01-07T08:39:14+01:00
Update status for CVE-2025-13034/curl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,11 @@
 CVE-2025-13034 [No QUIC certificate pinning with GnuTLS]
-	- curl <unfixed>
+	- curl 8.18.0~rc2-1
+	[trixie] - curl <no-dsa> (Minor issue)
 	[bookworm] - curl <not-affected> (Vulnerable code introduced later)
 	[bullseye] - curl <not-affected> (Vulnerable code introduced later)
 	NOTE: https://curl.se/docs/CVE-2025-13034.html
 	NOTE: Introduced with: https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722 (curl-8_8_0)
-	NOTE: Fixed by: https://github.com/curl/curl/commit/3d91ca8cdb3b434226e743946d428b4dd3acf2c9 (curl-8_18_0)
+	NOTE: Fixed by: https://github.com/curl/curl/commit/3d91ca8cdb3b434226e743946d428b4dd3acf2c9 (rc-8_18_0-1, curl-8_18_0)
 CVE-2026-0628
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/593db3cfc82c0f2d72af4e412fe2cd8f244b5741

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/593db3cfc82c0f2d72af4e412fe2cd8f244b5741
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260107/ac36f22c/attachment.htm>
