3 Mar 2005 14:13
bagder: curl CHANGES,1.674,1.675 RELEASE-NOTES,1.217,1.218
<cvs <at> labb.contactor.se>
2005-03-03 13:13:24 GMT
2005-03-03 13:13:24 GMT
Update of /cvsroot/curl/curl
In directory labb:/tmp/cvs-serv12291
Modified Files:
CHANGES RELEASE-NOTES
Log Message:
mention buffer overflows fixed
Index: RELEASE-NOTES
===================================================================
RCS file: /cvsroot/curl/curl/RELEASE-NOTES,v
retrieving revision 1.217
retrieving revision 1.218
diff -u -d -r1.217 -r1.218
--- RELEASE-NOTES 18 Feb 2005 23:53:07 -0000 1.217
+++ RELEASE-NOTES 3 Mar 2005 13:13:21 -0000 1.218
<at> <at> -16,6 +16,7 <at> <at>
This release includes the following bugfixes:
+ o NTLM/krb4 buffer overflow fixed (CAN-2005-0490)
o proxy auth bug when following redirects to another host
o socket leak when local bind failed
o HTTP POST with --anyauth picking NTLM
Index: CHANGES
===================================================================
RCS file: /cvsroot/curl/curl/CHANGES,v
retrieving revision 1.674
retrieving revision 1.675
diff -u -d -r1.674 -r1.675
--- CHANGES 18 Feb 2005 23:53:07 -0000 1.674
+++ CHANGES 3 Mar 2005 13:13:21 -0000 1.675
<at> <at> -7,6 +7,14 <at> <at>
Changelog
+Daniel (22 February 2005)
+- NTLM and ftp-krb4 buffer overflow fixed, as reported here:
+ http://www.securityfocus.com/archive/1/391042 and the CAN report here:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
+
+ If these security guys were serious, we'd been notified in advance and we
+ could've saved a few of you a little surprise, but now we weren't.
+
Daniel (19 February 2005)
- Ralph Mitchell reported a flaw when you used a proxy with auth, and you
requested data from a host and then followed a redirect to another
_______________________________________________
http://cool.haxx.se/mailman/listinfo/curl-commits
RSS Feed