Search for packages
| purl | pkg:deb/debian/curl@8.18.0~rc3-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5xp7-mcsa-uqd4 | When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not. |
CVE-2025-14819
|
| VCID-nvzd-v3bs-6qek | When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file. |
CVE-2025-15079
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-17T22:43:10.529436+00:00 | Debian Importer | Fixing | VCID-nvzd-v3bs-6qek | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-17T22:43:10.465225+00:00 | Debian Importer | Fixing | VCID-5xp7-mcsa-uqd4 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-03T07:21:25.374088+00:00 | Debian Importer | Fixing | VCID-nvzd-v3bs-6qek | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:21:25.353782+00:00 | Debian Importer | Fixing | VCID-5xp7-mcsa-uqd4 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |