[Git][security-tracker-team/security-tracker][master] Reserve DLA-4432-1 for curl

Carlos Henrique Lima Melara (@charles) Sun, 04 Jan 2026 16:54:29 -0800


Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker 
/ security-tracker



Commits:
8fa92930 by Carlos Henrique Lima Melara at 2026-01-04T21:53:49-03:00
Reserve DLA-4432-1 for curl

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -44517,7 +44517,6 @@ CVE-2025-9086 (1. A cookie is set using the `secure` 
keyword for `https://target
        - curl 8.16.0~rc2-1
        [trixie] - curl 8.14.1-2+deb13u1
        [bookworm] - curl <no-dsa> (Minor issue)
-       [bullseye] - curl <postponed> (Minor issue)
        NOTE: https://curl.se/docs/CVE-2025-9086.html
        NOTE: Introduced with: 
https://github.com/curl/curl/commit/f24dc09d209a2f91ca38d854f0c15ad93f3d7e2d 
(curl-7_31_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb62b45dd37711300 
(rc-8_16_0-1)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[04 Jan 2026] DLA-4432-1 curl - security update
+       {CVE-2025-9086}
+       [bullseye] - curl 7.74.0-1.3+deb11u16
 [02 Jan 2026] DLA-4431-1 gimp - security update
        {CVE-2022-30067 CVE-2025-14422 CVE-2025-14425}
        [bullseye] - gimp 2.10.22-4+deb11u5


=====================================
data/dla-needed.txt
=====================================
@@ -75,14 +75,6 @@ ckeditor
 containerd
   NOTE: 20251113: Added by Front-Desk (ta)
 --
-curl (charles)
-  NOTE: 20260103: Added by Front-Desk (Beuc)
-  NOTE: 20260103: @puer-robustus prepared a patch for bullseye:
-  NOTE: 20260103: https://salsa.debian.org/debian/curl/-/merge_requests/57
-  NOTE: 20260103: There's also an OSPU:
-  NOTE: 20260103: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124568
-  NOTE: 20260103: Please coordinate with him to upload to LTS (Beuc/front-desk)
---
 dcmtk (Markus Koschany)
   NOTE: 20251229: Added by Front-Desk (apo)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fa92930da07073beff8ae636c2d19dc0442c04a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fa92930da07073beff8ae636c2d19dc0442c04a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-4432-1 for curl

Reply via email to