Opened 8 months ago

Closed 8 months ago

Last modified 8 months ago

#21680 closed enhancement (fixed)

curl-8.14.1

Reported by: Xi Ruoyao Owned by: Bruce Dubbs
Priority: elevated Milestone: 12.4
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New patch version with CVE-2025-5399 fix.

https://curl.se/docs/CVE-2025-5399.html

Change History (4)

comment:1 by Bruce Dubbs, 8 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 8 months ago

curl and libcurl 8.14.1

This release includes the following changes:

This release includes the following bugfixes:

  • asyn-thrdd: fix cleanup when RR fails due to OOM [20]
  • autotools: recognize more Linux targets when setting -D_GNU_SOURCE [35]
  • BUG-BOUNTY.md. mention the medium bounty amount in 2025 [5]
  • cmake: fix missed version number for multi-pkg-config detections [14]
  • cmdline-docs: mention HTTP resumed uploads to be shaky [21]
  • curl: make -N handled correctly [34]
  • curl: upload from '.' fix [9]
  • dllmain: exclude from Cygwin builds [32]
  • docs/tests: remove mention of hyper [23]
  • docs: fix typos [12]
  • ftp: fix teardown of DATA connection in done [31]
  • http: fail early when rewind of input failed when following redirects [2]
  • license: update some copyright links to curl.se [24]
  • memanalyze.pl: fix getaddrinfo/freeaddrinfo checks [25]
  • misc: fix spelling [15]
  • misc: we write *an* IPv6 address [10]
  • multi: fix add_handle resizing [3]
  • spelling: 'a' vs 'an' [8]
  • spelling: call it null-terminate consistently [6]
  • test1510: fix expectation [19]
  • tests: await portfile to be complete [1]
  • tests: fix checks for https-mtls proto [30]
  • tests: improve server start reliability [18]
  • tests: move test docs into /docs [16]
  • tests: re-enable 1510, document heimdal memleak [22]
  • tests: test mtls also w/ clientAuth EKU only [28]
  • tests: test mtls with --insecure [29]
  • tls BIOs: handle BIO_CTRL_EOF correctly [33]
  • tool_getparam: make --no-anyauth not be accepted [13]
  • tool_getparam: refactored, simplified [4]
  • tool_getparam: remove two nextarg NULL checks [11]
  • VULN-DISCLOSURE-POLICY.md: the distros list wants <= 7 days embargo [26]
  • wolfssl: fix sending of early data [7]
  • ws: handle blocked sends better [27]
  • ws: tests and fixes [17]

comment:3 by Bruce Dubbs, 8 months ago

Resolution: fixed
Status: assignedclosed

Fixed at commits 

81d0efd838 Update to poppler-25.06.0.
4a9b840f1e Update to hwdata-0.396.
caf0f4982d Update to curl-8.14.1.

comment:4 by Douglas R. Reno, 8 months ago

SA-12.3-048 issued

Note: See TracTickets for help on using tickets.