[Git][security-tracker-team/security-tracker][master] 2 commits: Reference followup for CVE-2025-11563

Mon, 10 Nov 2025 02:22:39 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
038c68a1 by Salvatore Bonaccorso at 2025-11-10T11:22:02+01:00
Reference followup for CVE-2025-11563

- - - - -
73d7b5cd by Salvatore Bonaccorso at 2025-11-10T11:22:03+01:00
Consider CVE-2025-11563/curl fixed only in 8.14.1-2+deb13u2 for trixie

Keeping the other CVE fixes associated with the uploaded
8.14.1-2+deb13u1, which will enter the point release at same time as
8.14.1-2+deb13u2.

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1320,6 +1320,7 @@ CVE-2025-11563
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/fb0c014e30e5f4de7aa0d566c52c836a6423da29 
(rc-8_17_0-3)
        NOTE: Included in Debian since 8.8.0-2
        NOTE: https://curl.se/docs/CVE-2025-11563.html
+       NOTE: Followup for incomplete fix: https://github.com/curl/wcurl/pull/75
 CVE-2025-63293 (FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is 
vulnerable to  ...)
        NOT-FOR-US: FairSketch Rise Ultimate Project Manager & CRM
 CVE-2025-47370 (Transient DOS when a remote device sends an invalid connection 
request ...)


=====================================
data/next-point-update.txt
=====================================
@@ -86,7 +86,7 @@ CVE-2025-11678
 CVE-2025-11677
        [trixie] - libwebsockets 4.3.5-1+deb13u1
 CVE-2025-11563
-       [trixie] - curl 8.14.1-2+deb13u1
+       [trixie] - curl 8.14.1-2+deb13u2
 CVE-2025-9086
        [trixie] - curl 8.14.1-2+deb13u1
 CVE-2025-10148



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/59be9f8ebbdf9602b92964a6ac0a42dbc3994f91...73d7b5cd18f61c818482c640837da79ad0bb6dde

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/59be9f8ebbdf9602b92964a6ac0a42dbc3994f91...73d7b5cd18f61c818482c640837da79ad0bb6dde
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to