[Git][security-tracker-team/security-tracker][master] Track fixed version for curl issues via unstable

Salvatore Bonaccorso (@carnil) Sun, 09 Feb 2025 22:50:24 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e7c3b270 by Salvatore Bonaccorso at 2025-02-10T07:49:07+01:00
Track fixed version for curl issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -707,20 +707,20 @@ CVE-2023-52924 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux 5.10.205-1
        NOTE: 
https://git.kernel.org/linus/24138933b97b055d486e8064b4a1721702442a9b (6.5-rc6)
 CVE-2025-0167 (When asked to use a `.netrc` file for credentials **and** to 
follow HT ...)
-       - curl <unfixed>
+       - curl 8.12.0+git20250209.89ed161+ds-1
        [bullseye] - curl <not-affected> (Vulnerable code introduced later)
        NOTE: https://curl.se/docs/CVE-2025-0167.html
        NOTE: Introduced with: 
https://github.com/curl/curl/commit/46620b97431e19c53ce82e55055c85830f088cf4 
(curl-7_76_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/0e120c5b925e8ca75d5319e319e5ce4b8080d8eb 
(curl-8_12_0)
 CVE-2025-0665 (libcurl would wrongly close the same eventfd file descriptor 
twice whe ...)
-       - curl <unfixed>
+       - curl 8.12.0+git20250209.89ed161+ds-1
        [bookworm] - curl <not-affected> (Vulnerable code not present)
        [bullseye] - curl <not-affected> (Vulnerable code not present)
        NOTE: https://curl.se/docs/CVE-2025-0665.html
        NOTE: Introduced with: 
https://github.com/curl/curl/commit/92124838c6b7e09e3f35ff84e1eb63cf0105c9b5 
(curl-8_11_1)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2 
(curl-8_12_0)
 CVE-2025-0725 (When libcurl is asked to perform automatic gzip decompression 
of conte ...)
-       - curl <unfixed> (unimportant)
+       - curl 8.12.0+git20250209.89ed161+ds-1 (unimportant)
        NOTE: https://curl.se/docs/CVE-2025-0725.html
        NOTE: Introduced with: 
https://github.com/curl/curl/commit/019c4088cfcca0d2b7c5cc4f52ca5dac0c616089 
(curl-7_10_5)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7fe141010077eb88 
(curl-8_12_0)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7c3b270857d2b72cf9dc2661b6a04c883847695

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7c3b270857d2b72cf9dc2661b6a04c883847695
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Track fixed version for curl issues via unstable

Reply via email to