UbuntuUpdates.org

Package "libcurl4-doc"

Name: libcurl4-doc

Description:

documentation for libcurl
Latest version: 8.14.1-2ubuntu1.1
Release: questing (25.10)
Level: security
Repository: main
Head package: curl
Homepage: https://curl.se/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libcurl4-doc"

All arch deb package
APT INSTALL

Other versions of "libcurl4-doc" in Questing

Repository Area Version
base main 8.14.1-2ubuntu1
updates main 8.14.1-2ubuntu1.1

Changelog

Version: 8.14.1-2ubuntu1.1 2026-02-25 03:09:08 UTC

  curl (8.14.1-2ubuntu1.1) questing-security; urgency=medium

  * SECURITY UPDATE: cookie path out-of-bounds read
    - debian/patches/CVE-2025-9086.patch: don't treat the
    leading slash as trailing in lib/cookie.c
    - CVE-2025-9086
  * SECURITY UPDATE: predictable websocket frame mask
    - debian/patches/CVE-2025-10148.patch: get a new mask for each
    new outgoing frame in lib/ws.c
    - CVE-2025-10148
  * SECURITY UPDATE: wcurl output file directory escape
    - debian/patches/CVE-2025-11563.patch: dont percent-decode
      '/' or '\' in output file name in scripts/wcurl.c
    - CVE-2025-11563
  * SECURITY UPDATE: No QUIC certificate pinning with GnuTLS
    - debian/patches/CVE-2025-13034.patch: call Curl_gtls_verifyserver
      unconditionally in lib/vquic/vquic-tls.c.
    - CVE-2025-13034
  * SECURITY UPDATE: multi-threaded TSL options leak
    - debian/patches/CVE-2025-14017.patch: call ldap_init() before
    setting the options in lib/ldap.c
    - CVE-2025-14017
  * SECURITY UPDATE: bearer token leak on cross-protocol redirect
    - debian/patches/CVE-2025-14524.patch: if redirected,
    require permission to use bearer in lib/curl_sasl.c
    - CVE-2025-14524
  * SECURITY UPDATE: OpenSSL partial chain store policy bypass
    - debian/patches/CVE-2025-14819.patch: toggling
      CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache in
      lib/vtls/openssl.c.
    - CVE-2025-14819

 -- Elise Hlady <email address hidden> Tue, 17 Feb 2026 15:07:06 -0800
CVE-2025-9086 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same
CVE-2025-10148 curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask tha
CVE-2025-13034 When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certif
CVE-2025-14017 When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally a
CVE-2025-14524 When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP,
CVE-2025-14819 When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally


About   -   Send Feedback to @ubuntu_updates