proj: smb4k
subj: [vs] encrypted subject
trep: Mon Dec 01 15:17:53 2025
cves: CVE-2025-66002, CVE-2025-66003
tcrd: 2025-12-10
toss: Wed Dec 10 18:23:16 2025
soss: [oss-security] smb4k: Major Vulnerabilities in KAuth Helper (CVE-2025-66002, CVE-2025-66003)
loss: https://www.openwall.com/lists/oss-security/2025/12/10/6

proj: dropbear
subj: [vs-plain] dropbear: privilege escalation via unix domain socket forwardings
trep: Thu Dec 04 04:49:55 2025
cves: CVE-2025-14282
tcrd: Tuesday 16th December, around 10pm +0800
toss: Tue Dec 16 14:07:31 2025
soss: [oss-security] Dropbear 2025.89 fixes privilege escalation, CVE-2025-14282
loss: https://www.openwall.com/lists/oss-security/2025/12/16/2

proj: systemd
subj: [vs-plain] systemd: exposure of resource to wrong sphere
trep: Tue Dec 23 21:34:00 2025
tcrd: January 15th 2026 \\ January 6
toss: Sun Dec 28 06:47:57 2025
soss: [oss-security] Systemd vsock sshd
loss: https://www.openwall.com/lists/oss-security/2025/12/28/4

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2025-13034 (1/5)
trep: Tue Dec 30 08:52:43 2025
cves: CVE-2025-13034
tcrd: January 7 2026 around 07:00 UTC
lpub: https://github.com/curl/curl/commit/3d91ca8cdb3b434226e743946
toss: Wed Jan 07 07:09:24 2026
soss: [oss-security] [ADVISORY] curl CVE-2025-13034: No QUIC certificate pinning with GnuTLS
loss: https://www.openwall.com/lists/oss-security/2026/01/07/2

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2025-14524 (2/5)
trep: Tue Dec 30 08:52:48 2025
cves: CVE-2025-14524
tcrd: January 7 2026 around 07:00 UTC
lpub: https://github.com/curl/curl/commit/1a822275d333dc6da6043497160fd
toss: Wed Jan 07 07:09:41 2026
soss: [oss-security] [ADVISORY] curl CVE-2025-14524: bearer token leak on cross-protocol redirect
loss: https://www.openwall.com/lists/oss-security/2026/01/07/4

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2025-14819 (3/5)
trep: Tue Dec 30 08:52:55 2025
cves: CVE-2025-14819
tcrd: January 7 2026 around 07:00 UTC
lpub: https://github.com/curl/curl/commit/cd046f6c93b39d673a58c1864
toss: Wed Jan 07 07:09:47 2026
soss: [oss-security] [ADVISORY] curl CVE-2025-14819: OpenSSL partial chain store policy bypass
loss: https://www.openwall.com/lists/oss-security/2026/01/07/5

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2025-15079 (4/5)
trep: Tue Dec 30 08:53:03 2025
cves: CVE-2025-15079
tcrd: January 7 2026 around 07:00 UTC
lpub: https://github.com/curl/curl/commit/adca486c125d9a6d9565b9607a19dce803
toss: Wed Jan 07 07:09:52 2026
soss: [oss-security] [ADVISORY] curl CVE-2025-15079: libssh global knownhost override
loss: https://www.openwall.com/lists/oss-security/2026/01/07/6

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2025-15224 (5/5)
trep: Tue Dec 30 08:53:10 2025
cves: CVE-2025-15224
tcrd: January 7 2026 around 07:00 UTC
lpub: https://github.com/curl/curl/commit/16d5f2a5660c61cc27bd5f1c7f512391d1c92
toss: Wed Jan 07 07:09:56 2026
soss: [oss-security] [ADVISORY] curl CVE-2025-15224: libssh key passphrase bypass without agent set
loss: https://www.openwall.com/lists/oss-security/2026/01/07/7