Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6ef710a9 by Salvatore Bonaccorso at 2026-01-14T06:00:24+01:00 Add final release tag for CVE-2025-9086/curl As upstream appears to remove the rc ones add the final one, but keep here the rc version so we can properly match to the unstable upload including the fix, while the security issue was not yet announced. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -47965,7 +47965,7 @@ CVE-2025-9086 (1. A cookie is set using the `secure` keyword for `https://target [bookworm] - curl <not-affected> (Vulnerable code introduced later) NOTE: https://curl.se/docs/CVE-2025-9086.html NOTE: Introduced with: https://github.com/curl/curl/commit/1aea05a6c2699e80c75936d58569851555acd603 (curl-8_13_0) - NOTE: Fixed by: https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb62b45dd37711300 (rc-8_16_0-1) + NOTE: Fixed by: https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb62b45dd37711300 (rc-8_16_0-1, curl-8_16_0) CVE-2025-10148 (curl's websocket code did not update the 32 bit mask pattern for each ...) - curl 8.16.0-1 [trixie] - curl 8.14.1-2+deb13u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ef710a939ee1bc52e0c7876b061bae9410e5556
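Review bot: On the changed `NOTE: Fixed by:` line for CVE-2025-9086, the reason two tags are now listed is recorded only in the commit message. A reader of data/CVE/list sees `(rc-8_16_0-1, curl-8_16_0)` with no indication that the rc tag may no longer exist upstream and is kept only to match the unstable upload that carried the fix before the issue was announced. Consider a short additional NOTE line under the entry saying so, so that the rc tag is not later dropped as stale or read as a second fixed release. The `Introduced with:` line just above keeps the single-tag form `(curl-8_13_0)`, which makes the two-tag form stand out as needing that explanation.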
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
