[Git][security-tracker-team/security-tracker][master] Add CVE-2025-14524/curl
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 7 07:55:37 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4462fc16 by Salvatore Bonaccorso at 2026-01-07T08:54:47+01:00
Add CVE-2025-14524/curl
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,10 @@
+CVE-2025-14524 [bearer token leak on cross-protocol redirect]
+ - curl 8.18.0~rc2-1
+ [trixie] - curl <no-dsa> (Minor issue)
+ [bookworm] - curl <no-dsa> (Minor issue)
+ NOTE: https://curl.se/docs/CVE-2025-14524.html
+ NOTE: Introduced with: https://github.com/curl/curl/commit/06c1bea72faabb6fad4b7ef818aafaa336c9a7aa (curl-7_33_0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/1a822275d333dc6da6043497160fd04c8fa48640 (rc-8_18_0-2, curl-8_18_0)
CVE-2025-14017 [broken TLS options for threaded LDAPS]
- curl 8.18.0~rc2-1 (unimportant)
NOTE: https://curl.se/docs/CVE-2025-14017.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4462fc16531fa13cacfd287c9a59e7b129656404
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4462fc16531fa13cacfd287c9a59e7b129656404
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260107/51aeed78/attachment.htm>
More information about the debian-security-tracker-commits
mailing list