Hi Simon, On Wed, Jun 11, 2025 at 05:08:37PM +0100, Simon McVittie wrote: > Hi, > While merging updated versions of curl into a Debian derivative I noticed > that curl in trixie/sid is listed as vulnerable to CVE-2025-4947 and > CVE-2025-5025, but according to the notes those CVEs are fixed in > curl-8_14_0, therefore 8.14.1-1 in trixie/sid is probably not vulnerable > (even if the relevant features are enabled, which I haven't checked).
Thank you, I have updated the metadata on security-tracker. And correct, they are marked unimportant ad we do not build with wolfSSL support. Regards, Salvatore
