This bug was fixed in the package curl - 8.18.0-1ubuntu1
---------------
curl (8.18.0-1ubuntu1) resolute; urgency=medium
* Merge with Debian unstable (LP: #2138401). Remaining changes:
- d/{control,rules}: drop nghttp3 and ngtcp2 dependencies in universe
- d/control: do not use gnutls for the curl binary
- d/control: don't build-depend on python3-impacket and stunnel on i386
curl (8.18.0-1) unstable; urgency=medium
* New upstream version 8.18.0
* debian/control:
- Bump stds-version to 4.7.3.
- Remove Priority field, it already defaults to optional.
- Remove Rules-Requires-Root, it already defaults to no.
* debian/copyright: bump packaging copyright years, happy 2026!
curl (8.18.0~rc3-1) unstable; urgency=medium
* New upstream version 8.18.0~rc3
* Refresh patches
* d/copyright: Remove entries for files removed upstream
* Refresh patches:
- ZZZgnutls-build.patch
- build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch
* d/copyright: Remove entries for files removed upstream:
- lib/vtls/mbedtls_threadlock.c
- lib/vtls/mbedtls_threadlock.h
curl (8.18.0~rc2-1) unstable; urgency=medium
* New upstream version 8.18.0~rc2
* d/copyright: Remove entries for files removed upstream
* d/patches:
- Drop patches merged upstream:
~ fix-progress-meter-in-parallel-mode.patch
~ wcurl-CVE-2025-11563.patch
- Update patches:
~ ZZZgnutls-build.patch:
+ Variables AM_CFLAGS and AM_LDFLAGS were dropped
in lib/Makefile.am
+ Update patch's context.
~ build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch:
+ Context update.
+ Update patch offset.
~ 11_omit-directories-from-config.patch:
+ Update for upstream usage of double quotes (replacing single quotes)
for variables and usage of '&& test' instead of '-a' in
curl-config.in.
* d/libcurl4-doc.docs: Some docs were converted to .md:
- docs/FAQ.md
- docs/KNOWN_BUGS.md
- docs/TODO.md
curl (8.17.0-3) unstable; urgency=medium
* d/p/fix-progress-meter-in-parallel-mode.patch: cherry-pick from
upstream.
curl (8.17.0-2) unstable; urgency=medium
* d/p/wcurl-CVE-2025-11563.patch: Import new upstream patch to fix
CVE-2025-11563
-- Ural Tunaboyu <[email protected]> Wed, 14 Jan 2026
11:47:19 -0800
** Changed in: curl (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-11563
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2138401
Title:
Merge curl 8.18.0-1 from Debian Unstable for resolute
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2138401/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
