Overview

File _patchinfo of Package patchinfo.42064

<patchinfo incident="42064">
  <issue tracker="bnc" id="1255733">VUL-0: EMBARGOED: CVE-2025-15079: curl: libssh global knownhost override</issue>
  <issue tracker="bnc" id="1255734">VUL-0: EMBARGOED: CVE-2025-15224: curl: libssh key passphrase bypass without agent set</issue>
  <issue tracker="bnc" id="1255731">VUL-0: EMBARGOED: CVE-2025-14524: curl: bearer token leak on cross-protocol redirect</issue>
  <issue tracker="bnc" id="1255732">VUL-0: EMBARGOED: CVE-2025-14819: curl: openSSL partial chain store policy bypass</issue>
  <issue tracker="cve" id="2025-15079"/>
  <issue tracker="cve" id="2025-14819"/>
  <issue tracker="cve" id="2025-15224"/>
  <issue tracker="cve" id="2025-14524"/>
  <packager>lmulling</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for curl</summary>
  <description>This update for curl fixes the following issues:

- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places