diff --git a/CHANGES b/CHANGES index 55a4a72db..b00a20208 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,14 @@ Changelog +Daniel (22 February 2005) +- NTLM and ftp-krb4 buffer overflow fixed, as reported here: + http://www.securityfocus.com/archive/1/391042 and the CAN report here: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490 + + If these security guys were serious, we'd been notified in advance and we + could've saved a few of you a little surprise, but now we weren't. + Daniel (19 February 2005) - Ralph Mitchell reported a flaw when you used a proxy with auth, and you requested data from a host and then followed a redirect to another diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 40aaecce0..b0371c91c 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -16,6 +16,7 @@ This release includes the following changes: This release includes the following bugfixes: + o NTLM/krb4 buffer overflow fixed (CAN-2005-0490) o proxy auth bug when following redirects to another host o socket leak when local bind failed o HTTP POST with --anyauth picking NTLM