NIXPKGS-2026-0031 published on 18 Jan 2026 CVE-2025-14017 updated 4 days, 7 hours ago by @LeSuisse Activity log Created automatic suggestion 5 days, 18 hours ago @LeSuisse removed 11 packages wcurl curlie curlpp phpExtensions.curl curl-impersonate curlWithGnuTls curlMinimal guile-curl curlftpfs curlHTTP3 grpcurl 4 days, 7 hours ago @LeSuisse added package curlMinimal 4 days, 7 hours ago @LeSuisse removed 33 packages curl-impersonate-ff ocamlPackages.curly ocamlPackages.ocurl tclPackages.tclcurl haskellPackages.curl luaPackages.lua-curl perlPackages.WWWCurl php81Extensions.curl php82Extensions.curl php83Extensions.curl haskellPackages.curlhs php84Extensions.curl lua51Packages.lua-curl lua52Packages.lua-curl lua53Packages.lua-curl lua54Packages.lua-curl curl-impersonate-chrome luajitPackages.lua-curl perl538Packages.WWWCurl perl540Packages.WWWCurl haskellPackages.hxt-curl python312Packages.pycurl python313Packages.pycurl python312Packages.curlify python313Packages.curlify tests.pkg-config.defaultPkgConfigPackages.libcurl haskellPackages.recurly-client haskellPackages.curly-expander haskellPackages.curl-cookiejar haskellPackages.download-curl python313Packages.curl-cffi python312Packages.curl-cffi typstPackages.curli_0_1_0 4 days, 7 hours ago @LeSuisse removed 2 maintainers @Scrumplex @lovek323 4 days, 7 hours ago @LeSuisse added 14 maintainers @GGG-KILLER @deliciouslytyped @Ma27 @CrazedProgrammer @knl @ethancedwards8 @piotrkwiecinski @aanderse @talyz @chuangzhu @fgaz @bennofs @D4ndellion @sternenseemann 4 days, 7 hours ago @LeSuisse removed 14 maintainers @GGG-KILLER @deliciouslytyped @Ma27 @CrazedProgrammer @knl @ethancedwards8 @piotrkwiecinski @aanderse @talyz @chuangzhu @fgaz @bennofs @D4ndellion @sternenseemann 4 days, 7 hours ago @LeSuisse accepted as draft 4 days, 7 hours ago @LeSuisse published on GitHub 4 days, 7 hours ago broken TLS options for threaded LDAPS When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. Affected products curl =<7.88.0 =<7.36.0 =<8.10.1 =<8.4.0 =<8.16.0 =<8.10.0 =<7.19.4 =<7.26.0 =<7.76.1 =<8.6.0 =<8.1.0 =<7.70.0 =<7.56.0 =<7.25.0 =<7.50.3 =<8.3.0 =<8.11.1 =<7.33.0 =<7.34.0 =<7.54.1 =<7.21.7 =<7.72.0 =<7.43.0 =<7.48.0 =<7.61.1 =<7.67.0 =<8.17.0 =<7.19.6 =<7.87.0 =<7.61.0 =<7.53.1 =<7.17.0 =<8.14.0 =<8.7.0 =<7.73.0 =<7.86.0 =<7.50.2 =<7.29.0 =<7.52.0 =<7.49.1 =<8.12.0 =<8.2.1 =<7.85.0 =<7.41.0 =<7.79.0 =<7.37.1 =<8.13.0 =<7.47.0 =<7.37.0 =<7.75.0 =<7.83.0 =<7.40.0 =<7.20.0 =<7.65.1 =<7.21.6 =<7.27.0 =<7.59.0 =<7.23.1 =<7.21.1 =<7.81.0 =<7.38.0 =<7.24.0 =<7.18.1 =<7.19.1 =<7.42.1 =<7.23.0 =<7.21.5 =<8.9.0 =<7.39.0 =<7.83.1 =<7.50.1 =<7.35.0 =<8.8.0 =<7.21.3 =<7.18.2 =<7.69.0 =<8.9.1 =<8.5.0 =<7.19.2 =<7.20.1 =<7.65.0 =<7.88.1 =<7.56.1 =<7.60.0 =<7.19.0 =<7.18.0 =<8.0.0 =<7.49.0 =<8.14.1 =<8.0.1 =<8.2.0 =<7.65.3 =<7.17.1 =<7.55.0 =<7.28.1 =<7.19.5 =<7.51.0 =<7.64.0 =<7.63.0 =<7.21.0 =<8.15.0 =<7.54.0 =<7.84.0 =<7.45.0 =<7.55.1 =<7.19.7 =<7.53.0 =<7.32.0 =<7.50.0 =<7.71.0 =<7.21.2 =<7.78.0 =<7.66.0 =<7.21.4 =<8.7.1 =<7.52.1 =<7.28.0 =<8.12.1 =<7.74.0 =<7.30.0 =<8.11.0 =<7.62.0 =<7.71.1 =<7.77.0 =<8.1.2 =<7.80.0 =<7.31.0 =<7.42.0 =<7.57.0 =<7.58.0 =<7.76.0 =<7.65.2 =<7.22.0 =<7.69.1 =<7.19.3 =<8.1.1 =<7.68.0 =<7.44.0 =<7.82.0 =<7.47.1 =<7.64.1 =<7.79.1 =<7.46.0 Matching in nixpkgs pkgs.curl Command line tool for transferring files with URL syntax nixos-25.05 8.14.1 nixos-25.05-small 8.14.1 nixpkgs-25.05-darwin 8.14.1 pkgs.curlFull Command line tool for transferring files with URL syntax nixos-unstable 8.17.0 nixpkgs-unstable 8.17.0 nixos-unstable-small 8.17.0 nixos-25.05 8.14.1 nixos-25.05-small 8.14.1 nixpkgs-25.05-darwin 8.14.1 pkgs.curlMinimal Command line tool for transferring files with URL syntax nixos-unstable 8.17.0 nixpkgs-unstable 8.17.0 nixos-unstable-small 8.17.0 nixos-25.05 8.14.1 nixos-25.05-small 8.14.1 nixpkgs-25.05-darwin 8.14.1
CVE-2025-14017 updated 4 days, 7 hours ago by @LeSuisse Activity log Created automatic suggestion 5 days, 18 hours ago @LeSuisse removed 11 packages wcurl curlie curlpp phpExtensions.curl curl-impersonate curlWithGnuTls curlMinimal guile-curl curlftpfs curlHTTP3 grpcurl 4 days, 7 hours ago @LeSuisse added package curlMinimal 4 days, 7 hours ago @LeSuisse removed 33 packages curl-impersonate-ff ocamlPackages.curly ocamlPackages.ocurl tclPackages.tclcurl haskellPackages.curl luaPackages.lua-curl perlPackages.WWWCurl php81Extensions.curl php82Extensions.curl php83Extensions.curl haskellPackages.curlhs php84Extensions.curl lua51Packages.lua-curl lua52Packages.lua-curl lua53Packages.lua-curl lua54Packages.lua-curl curl-impersonate-chrome luajitPackages.lua-curl perl538Packages.WWWCurl perl540Packages.WWWCurl haskellPackages.hxt-curl python312Packages.pycurl python313Packages.pycurl python312Packages.curlify python313Packages.curlify tests.pkg-config.defaultPkgConfigPackages.libcurl haskellPackages.recurly-client haskellPackages.curly-expander haskellPackages.curl-cookiejar haskellPackages.download-curl python313Packages.curl-cffi python312Packages.curl-cffi typstPackages.curli_0_1_0 4 days, 7 hours ago @LeSuisse removed 2 maintainers @Scrumplex @lovek323 4 days, 7 hours ago @LeSuisse added 14 maintainers @GGG-KILLER @deliciouslytyped @Ma27 @CrazedProgrammer @knl @ethancedwards8 @piotrkwiecinski @aanderse @talyz @chuangzhu @fgaz @bennofs @D4ndellion @sternenseemann 4 days, 7 hours ago @LeSuisse removed 14 maintainers @GGG-KILLER @deliciouslytyped @Ma27 @CrazedProgrammer @knl @ethancedwards8 @piotrkwiecinski @aanderse @talyz @chuangzhu @fgaz @bennofs @D4ndellion @sternenseemann 4 days, 7 hours ago @LeSuisse accepted as draft 4 days, 7 hours ago @LeSuisse published on GitHub 4 days, 7 hours ago broken TLS options for threaded LDAPS When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. Affected products curl =<7.88.0 =<7.36.0 =<8.10.1 =<8.4.0 =<8.16.0 =<8.10.0 =<7.19.4 =<7.26.0 =<7.76.1 =<8.6.0 =<8.1.0 =<7.70.0 =<7.56.0 =<7.25.0 =<7.50.3 =<8.3.0 =<8.11.1 =<7.33.0 =<7.34.0 =<7.54.1 =<7.21.7 =<7.72.0 =<7.43.0 =<7.48.0 =<7.61.1 =<7.67.0 =<8.17.0 =<7.19.6 =<7.87.0 =<7.61.0 =<7.53.1 =<7.17.0 =<8.14.0 =<8.7.0 =<7.73.0 =<7.86.0 =<7.50.2 =<7.29.0 =<7.52.0 =<7.49.1 =<8.12.0 =<8.2.1 =<7.85.0 =<7.41.0 =<7.79.0 =<7.37.1 =<8.13.0 =<7.47.0 =<7.37.0 =<7.75.0 =<7.83.0 =<7.40.0 =<7.20.0 =<7.65.1 =<7.21.6 =<7.27.0 =<7.59.0 =<7.23.1 =<7.21.1 =<7.81.0 =<7.38.0 =<7.24.0 =<7.18.1 =<7.19.1 =<7.42.1 =<7.23.0 =<7.21.5 =<8.9.0 =<7.39.0 =<7.83.1 =<7.50.1 =<7.35.0 =<8.8.0 =<7.21.3 =<7.18.2 =<7.69.0 =<8.9.1 =<8.5.0 =<7.19.2 =<7.20.1 =<7.65.0 =<7.88.1 =<7.56.1 =<7.60.0 =<7.19.0 =<7.18.0 =<8.0.0 =<7.49.0 =<8.14.1 =<8.0.1 =<8.2.0 =<7.65.3 =<7.17.1 =<7.55.0 =<7.28.1 =<7.19.5 =<7.51.0 =<7.64.0 =<7.63.0 =<7.21.0 =<8.15.0 =<7.54.0 =<7.84.0 =<7.45.0 =<7.55.1 =<7.19.7 =<7.53.0 =<7.32.0 =<7.50.0 =<7.71.0 =<7.21.2 =<7.78.0 =<7.66.0 =<7.21.4 =<8.7.1 =<7.52.1 =<7.28.0 =<8.12.1 =<7.74.0 =<7.30.0 =<8.11.0 =<7.62.0 =<7.71.1 =<7.77.0 =<8.1.2 =<7.80.0 =<7.31.0 =<7.42.0 =<7.57.0 =<7.58.0 =<7.76.0 =<7.65.2 =<7.22.0 =<7.69.1 =<7.19.3 =<8.1.1 =<7.68.0 =<7.44.0 =<7.82.0 =<7.47.1 =<7.64.1 =<7.79.1 =<7.46.0 Matching in nixpkgs pkgs.curl Command line tool for transferring files with URL syntax nixos-25.05 8.14.1 nixos-25.05-small 8.14.1 nixpkgs-25.05-darwin 8.14.1 pkgs.curlFull Command line tool for transferring files with URL syntax nixos-unstable 8.17.0 nixpkgs-unstable 8.17.0 nixos-unstable-small 8.17.0 nixos-25.05 8.14.1 nixos-25.05-small 8.14.1 nixpkgs-25.05-darwin 8.14.1 pkgs.curlMinimal Command line tool for transferring files with URL syntax nixos-unstable 8.17.0 nixpkgs-unstable 8.17.0 nixos-unstable-small 8.17.0 nixos-25.05 8.14.1 nixos-25.05-small 8.14.1 nixpkgs-25.05-darwin 8.14.1
curl =<7.88.0 =<7.36.0 =<8.10.1 =<8.4.0 =<8.16.0 =<8.10.0 =<7.19.4 =<7.26.0 =<7.76.1 =<8.6.0 =<8.1.0 =<7.70.0 =<7.56.0 =<7.25.0 =<7.50.3 =<8.3.0 =<8.11.1 =<7.33.0 =<7.34.0 =<7.54.1 =<7.21.7 =<7.72.0 =<7.43.0 =<7.48.0 =<7.61.1 =<7.67.0 =<8.17.0 =<7.19.6 =<7.87.0 =<7.61.0 =<7.53.1 =<7.17.0 =<8.14.0 =<8.7.0 =<7.73.0 =<7.86.0 =<7.50.2 =<7.29.0 =<7.52.0 =<7.49.1 =<8.12.0 =<8.2.1 =<7.85.0 =<7.41.0 =<7.79.0 =<7.37.1 =<8.13.0 =<7.47.0 =<7.37.0 =<7.75.0 =<7.83.0 =<7.40.0 =<7.20.0 =<7.65.1 =<7.21.6 =<7.27.0 =<7.59.0 =<7.23.1 =<7.21.1 =<7.81.0 =<7.38.0 =<7.24.0 =<7.18.1 =<7.19.1 =<7.42.1 =<7.23.0 =<7.21.5 =<8.9.0 =<7.39.0 =<7.83.1 =<7.50.1 =<7.35.0 =<8.8.0 =<7.21.3 =<7.18.2 =<7.69.0 =<8.9.1 =<8.5.0 =<7.19.2 =<7.20.1 =<7.65.0 =<7.88.1 =<7.56.1 =<7.60.0 =<7.19.0 =<7.18.0 =<8.0.0 =<7.49.0 =<8.14.1 =<8.0.1 =<8.2.0 =<7.65.3 =<7.17.1 =<7.55.0 =<7.28.1 =<7.19.5 =<7.51.0 =<7.64.0 =<7.63.0 =<7.21.0 =<8.15.0 =<7.54.0 =<7.84.0 =<7.45.0 =<7.55.1 =<7.19.7 =<7.53.0 =<7.32.0 =<7.50.0 =<7.71.0 =<7.21.2 =<7.78.0 =<7.66.0 =<7.21.4 =<8.7.1 =<7.52.1 =<7.28.0 =<8.12.1 =<7.74.0 =<7.30.0 =<8.11.0 =<7.62.0 =<7.71.1 =<7.77.0 =<8.1.2 =<7.80.0 =<7.31.0 =<7.42.0 =<7.57.0 =<7.58.0 =<7.76.0 =<7.65.2 =<7.22.0 =<7.69.1 =<7.19.3 =<8.1.1 =<7.68.0 =<7.44.0 =<7.82.0 =<7.47.1 =<7.64.1 =<7.79.1 =<7.46.0
pkgs.curl Command line tool for transferring files with URL syntax nixos-25.05 8.14.1 nixos-25.05-small 8.14.1 nixpkgs-25.05-darwin 8.14.1
pkgs.curlFull Command line tool for transferring files with URL syntax nixos-unstable 8.17.0 nixpkgs-unstable 8.17.0 nixos-unstable-small 8.17.0 nixos-25.05 8.14.1 nixos-25.05-small 8.14.1 nixpkgs-25.05-darwin 8.14.1
pkgs.curlMinimal Command line tool for transferring files with URL syntax nixos-unstable 8.17.0 nixpkgs-unstable 8.17.0 nixos-unstable-small 8.17.0 nixos-25.05 8.14.1 nixos-25.05-small 8.14.1 nixpkgs-25.05-darwin 8.14.1