git: 3f32b24a8625 - main - security/vuxml: Add entry for ftp/curl
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 02 Jun 2025 15:53:03 UTC
The branch main has been updated by fernape:
URL: https://cgit.FreeBSD.org/ports/commit/?id=3f32b24a8625529941c5d344f4ba4964231f199f
commit 3f32b24a8625529941c5d344f4ba4964231f199f
Author: Christos Chatzaras <chris@cretaforce.gr>
AuthorDate: 2025-06-02 15:51:45 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2025-06-02 15:51:45 +0000
security/vuxml: Add entry for ftp/curl
* CVE-2025-4947
* CVE-2025-5025
PR: 287219
Reported by: chris@cretaforce.gr
---
security/vuxml/vuln/2025.xml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 62063d41b6e1..7f6f42898d29 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,32 @@
+ <vuln vid="533b4470-3f25-11f0-b440-f02f7432cf97">
+ <topic>curl -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>curl</name>
+ <range><ge>8.5.0</ge><lt>8.14.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>curl security team reports:</p>
+ <blockquote cite="https://curl.se/docs/security.html">
+ <p>CVE-2025-5025: No QUIC certificate pinning with wolfSSL</p>
+ <p>CVE-2025-4947: QUIC certificate check skip with wolfSSL</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-5025</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-5025</url>
+ <cvename>CVE-2025-4947</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4947</url>
+ </references>
+ <dates>
+ <discovery>2025-05-28</discovery>
+ <entry>2025-06-01</entry>
+ </dates>
+ </vuln>
+
<vuln vid="2926c487-3e53-11f0-95d4-00a098b42aeb">
<topic>libxml2 -- Out-of-bounds memory access</topic>
<affects>