[Git][security-tracker-team/security-tracker][master] Add first batch of new curl issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 24 07:17:02 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab788d40 by Salvatore Bonaccorso at 2026-06-24T08:16:30+02:00
Add first batch of new curl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2026-10536
+	- curl 8.21.0~rc2-1
+	NOTE: https://curl.se/docs/CVE-2026-10536.html
+	NOTE: Introduced with: https://github.com/curl/curl/commit/71b7e0161032927cdfb4e75ea40f65b8898b3956 (curl-7_88_0)
+	NOTE: Fixed by: https://github.com/curl/curl/commit/bfbff7852f050232edd3e5ca5c6bf2021c340f5a (rc-8_21_0-1, curl-8_21_0)
+CVE-2026-11352
+	- curl 8.21.0~rc2-1
+	[trixie] - curl <not-affected> (Vulnerable code not present)
+	[bookworm] - curl <not-affected> (Vulnerable code not present)
+	[bullseye] - curl <not-affected> (Vulnerable code not present)
+	NOTE: https://curl.se/docs/CVE-2026-11352.html
+	NOTE: Introduced with: https://github.com/curl/curl/commit/6a3d0b6d631d5e9bec797306b5b41a9f440a088d (curl-8_18_0)
+	NOTE: Fixed by: https://github.com/curl/curl/commit/56eca2afb4806f1032872fa97d1834b3c1385276 (rc-8_21_0-2, curl-8_21_0)
+CVE-2026-11564
+	- curl 8.21.0~rc2-1
+	[trixie] - curl <not-affected> (Vulnerable code not present)
+	[bookworm] - curl <not-affected> (Vulnerable code not present)
+	[bullseye] - curl <not-affected> (Vulnerable code not present)
+	NOTE: https://curl.se/docs/CVE-2026-11564.html
+	NOTE: Introduced with: https://github.com/curl/curl/commit/eefd03c572996e5de4dec4fe295ad6f103e0eefc (curl-8_17_0)
+	NOTE: Fixed by: https://github.com/curl/curl/commit/d69bfad3fa3daf5e72331f6870667607828d5891 (rc-8_21_0-2, curl-8_21_0)
+CVE-2026-11586
+	- curl 8.21.0~rc3-1
+	[trixie] - curl <not-affected> (Vulnerable code not present)
+	[bookworm] - curl <not-affected> (Vulnerable code not present)
+	[bullseye] - curl <not-affected> (Vulnerable code not present)
+	NOTE: https://curl.se/docs/CVE-2026-11586.html
+	NOTE: Introduced with: https://github.com/curl/curl/commit/0b091328773c64e23f5c4739da74527093c6a5ab (curl-8_16_0)
+	NOTE: Fixed by: https://github.com/curl/curl/commit/849317ff5c5a5e13f50ec3d001e46ddffa77d8a4 (rc-8_21_0-3, curl-8_21_0)
+CVE-2026-11856
+	- curl 8.21.0~rc3-1
+	NOTE: https://curl.se/docs/CVE-2026-11856.html
+	NOTE: Introduced with: https://github.com/curl/curl/commit/334d78cd18a7310144383929bdcef34ffbf6159b (curl-7_10_6)
+	NOTE: Fixed by: https://github.com/curl/curl/commit/5c6b4880357ab3e72967c1c45cae0f96ffabc535 (rc-8_21_0-3, curl-8_21_0)
 CVE-2026-12064
 	- curl 8.21.0~rc3-1
 	NOTE: https://curl.se/docs/CVE-2026-12064.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab788d40287edd559d299531a8f6cb9da5747f50

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab788d40287edd559d299531a8f6cb9da5747f50
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260624/cbc2a4fd/attachment.htm>


More information about the debian-security-tracker-commits mailing list