diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2006-03-20 22:25:14 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2006-03-20 22:25:14 +0000 |
| commit | 18081e30e1b76f3bd021b42e12e4a9f4f90554e8 (patch) | |
| tree | a1539f8297228c9987329b26906df1e2e4253a3c | |
| parent | 97181b5c0df67e3c8ea7c602c09c51a8830b5480 (diff) | |
mention today's fixes
| -rw-r--r-- | CHANGES | 27 | ||||
| -rw-r--r-- | RELEASE-NOTES | 7 |
2 files changed, 31 insertions, 3 deletions
@@ -6,8 +6,35 @@ Changelog +Daniel (20 March 2006) +- Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file + whose length was a multiple of 512 bytes could have random garbage + appended. Also, stop processing TFTP packets which are too short to be + legal. + +- Ilja van Sprundel reported a possible crash in the curl tool when using + "curl hostwithoutslash -d data -G" + Version 7.15.3 (20 March 2006) +Daniel (20 March 2006) +- VULNERABILITY reported to us by Ulf Harnhammar. + + libcurl uses the given file part of a TFTP URL in a manner that allows a + malicious user to overflow a heap-based memory buffer due to the lack of + boundary check. + + This overflow happens if you pass in a URL with a TFTP protocol prefix + ("tftp://"), using a valid host and a path part that is longer than 512 + bytes. + + The affected flaw can be triggered by a redirect, if curl/libcurl is told to + follow redirects and an HTTP server points the client to a tftp URL with the + characteristics described above. + + The Common Vulnerabilities and Exposures (CVE) project has assigned the name + CVE-2006-1061 to this issue. + Daniel (16 March 2006) - Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included in the release archive. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index c60bae26b..619ff8ce6 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -7,7 +7,7 @@ Curl and libcurl 7.15.4 Number of public functions in libcurl: 46 Amount of public web site mirrors: 31 Number of known libcurl bindings: 32 - Number of contributors: 487 + Number of contributors: 492 This release includes the following changes: @@ -15,7 +15,8 @@ This release includes the following changes: This release includes the following bugfixes: - o + o TFTP transfers could trash data + o -d + -G combo crash Other curl-related news since the previous public release: @@ -24,6 +25,6 @@ Other curl-related news since the previous public release: This release would not have looked like this without help, code, reports and advice from friends like these: - + Dan Fandrich, Ilja van Sprundel Thanks! (and sorry if I forgot to mention someone) |