[ubuntu/questing-updates] curl 8.14.1-2ubuntu1.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Wed Feb 25 00:02:36 UTC 2026


curl (8.14.1-2ubuntu1.1) questing-security; urgency=medium

  * SECURITY UPDATE: cookie path out-of-bounds read
    - debian/patches/CVE-2025-9086.patch: don't treat the
      leading slash as trailing in lib/cookie.c
    - CVE-2025-9086
  * SECURITY UPDATE: predictable websocket frame mask
    - debian/patches/CVE-2025-10148.patch: get a new mask for each
      new outgoing frame in lib/ws.c
    - CVE-2025-10148
  * SECURITY UPDATE: wcurl output file directory escape
    - debian/patches/CVE-2025-11563.patch: don't percent-decode
      '/' or '\' in output file name in scripts/wcurl.c
    - CVE-2025-11563
  * SECURITY UPDATE: No QUIC certificate pinning with GnuTLS
    - debian/patches/CVE-2025-13034.patch: call Curl_gtls_verifyserver
      unconditionally in lib/vquic/vquic-tls.c.
    - CVE-2025-13034
  * SECURITY UPDATE: multi-threaded TLS options leak
    - debian/patches/CVE-2025-14017.patch: call ldap_init() before
      setting the options in lib/ldap.c
    - CVE-2025-14017
  * SECURITY UPDATE: bearer token leak on cross-protocol redirect
    - debian/patches/CVE-2025-14524.patch: if redirected,
      require permission to use bearer in lib/curl_sasl.c
    - CVE-2025-14524
  * SECURITY UPDATE: OpenSSL partial chain store policy bypass
    - debian/patches/CVE-2025-14819.patch: toggling
      CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache in
      lib/vtls/openssl.c.
    - CVE-2025-14819
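The wcurl entry above (CVE-2025-11563) describes the defensive rule in one line: when a URL path segment is percent-decoded to derive an output file name, the escapes for '/' and '\' must stay encoded, otherwise a crafted URL can steer the download into another directory. The following is an added illustration of that rule, not curl's or wcurl's own code; the function names decode_output_name, name_is_single_component and decodes_to are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not wcurl's code): map a hex digit to its value,
 * or -1 if the character is not a hex digit (including '\0'). */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode a path segment into an output file name, but copy
 * "%2F" ('/') and "%5C" ('\') through still encoded, so the result can
 * never contain a path separator. Returns the number of bytes written
 * (excluding the NUL), or -1 on a malformed escape or a too-small buffer. */
int decode_output_name(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        int ch = (unsigned char)in[i];
        size_t need = 1;                     /* bytes this step emits */
        if (ch == '%') {
            int hi = hexval((unsigned char)in[i + 1]);
            int lo = (hi >= 0) ? hexval((unsigned char)in[i + 2]) : -1;
            if (hi < 0 || lo < 0)
                return -1;                   /* malformed "%XX" escape */
            int decoded = hi * 16 + lo;
            if (decoded == '/' || decoded == '\\')
                need = 3;                    /* keep the separator escaped */
            else {
                ch = decoded;
                i += 2;                      /* consume the two hex digits */
            }
        }
        if (o + need >= outlen)
            return -1;                       /* no room for bytes plus NUL */
        if (need == 3) {
            memcpy(out + o, in + i, 3);      /* copy "%2F"/"%5C" verbatim */
            i += 2;
        } else {
            out[o] = (char)ch;
        }
        o += need;
    }
    out[o] = '\0';
    return (int)o;
}

/* Returns 1 if the name holds no '/' or '\', i.e. stays inside the
 * target directory, 0 otherwise. */
int name_is_single_component(const char *name)
{
    return strchr(name, '/') == NULL && strchr(name, '\\') == NULL;
}

/* Convenience check: 1 if decoding succeeds, yields `expected`, and the
 * result is a single path component; 0 otherwise. */
int decodes_to(const char *in, const char *expected)
{
    char buf[256];
    int n = decode_output_name(in, buf, sizeof buf);
    return n >= 0 && strcmp(buf, expected) == 0 && name_is_single_component(buf);
}

int main(void)
{
    /* Constructed sample path segments, not taken from any real URL. */
    const char *samples[] = {
        "report%202026.pdf",        /* ordinary escape, decoded normally */
        "..%2F..%2Fetc%2Fpasswd",   /* separator escapes stay encoded */
        "a%5Cb.txt",                /* backslash escape stays encoded */
        "%zz",                      /* malformed escape, rejected */
    };
    char buf[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = decode_output_name(samples[i], buf, sizeof buf);
        printf("%-26s -> %s (%d)\n", samples[i], n < 0 ? "(rejected)" : buf, n);
    }
    return 0;
}
```

The point of keeping "%2F" and "%5C" as literal text rather than stripping them is that the output name remains unambiguous and still unique per URL, while the file always lands in the directory the caller chose.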

Date: 2026-02-21 01:04:13.370658+00:00
Changed-By: Elise Hlady <elise.hlady at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/curl/8.14.1-2ubuntu1.1