[Git][security-tracker-team/security-tracker][master] Add first batch of new curl issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 24 07:17:02 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ab788d40 by Salvatore Bonaccorso at 2026-06-24T08:16:30+02:00
Add first batch of new curl issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2026-10536
+ - curl 8.21.0~rc2-1
+ NOTE: https://curl.se/docs/CVE-2026-10536.html
+ NOTE: Introduced with: https://github.com/curl/curl/commit/71b7e0161032927cdfb4e75ea40f65b8898b3956 (curl-7_88_0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/bfbff7852f050232edd3e5ca5c6bf2021c340f5a (rc-8_21_0-1, curl-8_21_0)
+CVE-2026-11352
+ - curl 8.21.0~rc2-1
+ [trixie] - curl <not-affected> (Vulnerable code not present)
+ [bookworm] - curl <not-affected> (Vulnerable code not present)
+ [bullseye] - curl <not-affected> (Vulnerable code not present)
+ NOTE: https://curl.se/docs/CVE-2026-11352.html
+ NOTE: Introduced with: https://github.com/curl/curl/commit/6a3d0b6d631d5e9bec797306b5b41a9f440a088d (curl-8_18_0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/56eca2afb4806f1032872fa97d1834b3c1385276 (rc-8_21_0-2, curl-8_21_0)
+CVE-2026-11564
+ - curl 8.21.0~rc2-1
+ [trixie] - curl <not-affected> (Vulnerable code not present)
+ [bookworm] - curl <not-affected> (Vulnerable code not present)
+ [bullseye] - curl <not-affected> (Vulnerable code not present)
+ NOTE: https://curl.se/docs/CVE-2026-11564.html
+ NOTE: Introduced with: https://github.com/curl/curl/commit/eefd03c572996e5de4dec4fe295ad6f103e0eefc (curl-8_17_0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/d69bfad3fa3daf5e72331f6870667607828d5891 (rc-8_21_0-2, curl-8_21_0)
+CVE-2026-11586
+ - curl 8.21.0~rc3-1
+ [trixie] - curl <not-affected> (Vulnerable code not present)
+ [bookworm] - curl <not-affected> (Vulnerable code not present)
+ [bullseye] - curl <not-affected> (Vulnerable code not present)
+ NOTE: https://curl.se/docs/CVE-2026-11586.html
+ NOTE: Introduced with: https://github.com/curl/curl/commit/0b091328773c64e23f5c4739da74527093c6a5ab (curl-8_16_0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/849317ff5c5a5e13f50ec3d001e46ddffa77d8a4 (rc-8_21_0-3, curl-8_21_0)
+CVE-2026-11856
+ - curl 8.21.0~rc3-1
+ NOTE: https://curl.se/docs/CVE-2026-11856.html
+ NOTE: Introduced with: https://github.com/curl/curl/commit/334d78cd18a7310144383929bdcef34ffbf6159b (curl-7_10_6)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/5c6b4880357ab3e72967c1c45cae0f96ffabc535 (rc-8_21_0-3, curl-8_21_0)
CVE-2026-12064
- curl 8.21.0~rc3-1
NOTE: https://curl.se/docs/CVE-2026-12064.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab788d40287edd559d299531a8f6cb9da5747f50
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab788d40287edd559d299531a8f6cb9da5747f50
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260624/cbc2a4fd/attachment.htm>
More information about the debian-security-tracker-commits
mailing list