diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2005-03-03 13:13:21 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2005-03-03 13:13:21 +0000 |
| commit | 861b5e608b1df43099c3e41d797f0ce06608fff6 (patch) | |
| tree | 7742992b94f76f93f01bce44e53b0b5ec3473721 | |
| parent | f61917594e6541f0ddb1a8d0f1bfcfb312eb4835 (diff) | |
mention buffer overflows fixed
| -rw-r--r-- | CHANGES | 8 | ||||
| -rw-r--r-- | RELEASE-NOTES | 1 |
2 files changed, 9 insertions, 0 deletions
@@ -7,6 +7,14 @@ Changelog +Daniel (22 February 2005) +- NTLM and ftp-krb4 buffer overflow fixed, as reported here: + http://www.securityfocus.com/archive/1/391042 and the CAN report here: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490 + + If these security guys were serious, we'd been notified in advance and we + could've saved a few of you a little surprise, but now we weren't. + Daniel (19 February 2005) - Ralph Mitchell reported a flaw when you used a proxy with auth, and you requested data from a host and then followed a redirect to another diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 40aaecce0..b0371c91c 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -16,6 +16,7 @@ This release includes the following changes: This release includes the following bugfixes: + o NTLM/krb4 buffer overflow fixed (CAN-2005-0490) o proxy auth bug when following redirects to another host o socket leak when local bind failed o HTTP POST with --anyauth picking NTLM |