mention today's fixes
parent
97181b5c0d
commit
18081e30e1
27
CHANGES
27
CHANGES
@ -6,8 +6,35 @@
|
|||||||
|
|
||||||
Changelog
|
Changelog
|
||||||
|
|
||||||
|
Daniel (20 March 2006)
|
||||||
|
- Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file
|
||||||
|
whose length was a multiple of 512 bytes could have random garbage
|
||||||
|
appended. Also, stop processing TFTP packets which are too short to be
|
||||||
|
legal.
|
||||||
|
|
||||||
|
- Ilja van Sprundel reported a possible crash in the curl tool when using
|
||||||
|
"curl hostwithoutslash -d data -G"
|
||||||
|
|
||||||
Version 7.15.3 (20 March 2006)
|
Version 7.15.3 (20 March 2006)
|
||||||
|
|
||||||
|
Daniel (20 March 2006)
|
||||||
|
- VULNERABILITY reported to us by Ulf Harnhammar.
|
||||||
|
|
||||||
|
libcurl uses the given file part of a TFTP URL in a manner that allows a
|
||||||
|
malicious user to overflow a heap-based memory buffer due to the lack of
|
||||||
|
boundary check.
|
||||||
|
|
||||||
|
This overflow happens if you pass in a URL with a TFTP protocol prefix
|
||||||
|
("tftp://"), using a valid host and a path part that is longer than 512
|
||||||
|
bytes.
|
||||||
|
|
||||||
|
The affected flaw can be triggered by a redirect, if curl/libcurl is told to
|
||||||
|
follow redirects and an HTTP server points the client to a tftp URL with the
|
||||||
|
characteristics described above.
|
||||||
|
|
||||||
|
The Common Vulnerabilities and Exposures (CVE) project has assigned the name
|
||||||
|
CVE-2006-1061 to this issue.
|
||||||
|
|
||||||
Daniel (16 March 2006)
|
Daniel (16 March 2006)
|
||||||
- Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included
|
- Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included
|
||||||
in the release archive.
|
in the release archive.
|
||||||
|
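Review bot: The VULNERABILITY entry under "Version 7.15.3" describes the heap overflow for a "tftp://" path part longer than 512 bytes, but it never states which releases are affected or that 7.15.3 is the release carrying the fix. A reader searching for CVE-2006-1061 has to infer both from where the entry sits. Suggest adding one line with the affected version range and the fixed version. In the new 20 March entry, "could have random garbage appended" does not say where the garbage comes from; if it is stale or uninitialised buffer contents, say so, since that affects how downstream users rate the fix. The "-d data -G" item would also benefit from a short statement of what caused the crash.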
@ -7,7 +7,7 @@ Curl and libcurl 7.15.4
|
|||||||
Number of public functions in libcurl: 46
|
Number of public functions in libcurl: 46
|
||||||
Amount of public web site mirrors: 31
|
Amount of public web site mirrors: 31
|
||||||
Number of known libcurl bindings: 32
|
Number of known libcurl bindings: 32
|
||||||
Number of contributors: 487
|
Number of contributors: 492
|
||||||
|
|
||||||
This release includes the following changes:
|
This release includes the following changes:
|
||||||
|
|
||||||
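Review bot: The contributor count goes from 487 to 492, an increase of five, while the only names this commit adds to the credits list are Dan Fandrich and Ilja van Sprundel. Please confirm that 492 matches the current contributor list. If the bump covers names beyond today's two fixes, mention that in the commit message so the number can be traced later.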
@ -15,7 +15,8 @@ This release includes the following changes:
|
|||||||
|
|
||||||
This release includes the following bugfixes:
|
This release includes the following bugfixes:
|
||||||
|
|
||||||
o
|
o TFTP transfers could trash data
|
||||||
|
o -d + -G combo crash
|
||||||
|
|
||||||
Other curl-related news since the previous public release:
|
Other curl-related news since the previous public release:
|
||||||
|
|
||||||
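Review bot: The bullet "o TFTP transfers could trash data" is much vaguer than the CHANGES text it summarises, which names a specific condition (a received file whose length is a multiple of 512 bytes getting garbage appended). The second TFTP fix, no longer processing packets that are too short to be legal, has no bullet at all. Suggest wording the first bullet after the CHANGES entry and adding a separate bullet for the short-packet check, so that users who read only the release notes see both fixes.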
@ -24,6 +25,6 @@ Other curl-related news since the previous public release:
|
|||||||
This release would not have looked like this without help, code, reports and
|
This release would not have looked like this without help, code, reports and
|
||||||
advice from friends like these:
|
advice from friends like these:
|
||||||
|
|
||||||
|
Dan Fandrich, Ilja van Sprundel
|
||||||
|
|
||||||
Thanks! (and sorry if I forgot to mention someone)
|
Thanks! (and sorry if I forgot to mention someone)
|
||||||
|