curl CVE-2025-4947, CVE-2025-5025 probably fixed in trixie/sid

To: debian-security-tracker@lists.debian.org
Subject: curl CVE-2025-4947, CVE-2025-5025 probably fixed in trixie/sid
From: Simon McVittie <smcv@collabora.com>
Date: Wed, 11 Jun 2025 17:08:37 +0100
Message-id: <[🔎] aEmqBe6QdcUjWPoL@descent>

Hi,
While merging updated versions of curl into a Debian derivative I noticed
that curl in trixie/sid is listed as vulnerable to CVE-2025-4947 and
CVE-2025-5025, but according to the notes those CVEs are fixed in
curl-8_14_0, therefore 8.14.1-1 in trixie/sid is probably not vulnerable
(even if the relevant features are enabled, which I haven't checked).

    smcv

Reply to:

Follow-Ups:
- Re: curl CVE-2025-4947, CVE-2025-5025 probably fixed in trixie/sid
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: External check
Next by Date: Please update courier security tracker information
Previous by thread: External check
Next by thread: Re: curl CVE-2025-4947, CVE-2025-5025 probably fixed in trixie/sid
Index(es):
- Date
- Thread