author | Daniel Stenberg <daniel@haxx.se> | 2006-03-20 22:25:14 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2006-03-20 22:25:14 +0000 |
commit | 18081e30e1b76f3bd021b42e12e4a9f4f90554e8 (patch) | |
tree | a1539f8297228c9987329b26906df1e2e4253a3c /CHANGES | |
parent | 97181b5c0df67e3c8ea7c602c09c51a8830b5480 (diff) |
mention today's fixes
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 27 |
1 files changed, 27 insertions, 0 deletions
@@ -6,8 +6,35 @@ Changelog +Daniel (20 March 2006) +- Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file + whose length was a multiple of 512 bytes could have random garbage + appended. Also, stop processing TFTP packets which are too short to be + legal. + +- Ilja van Sprundel reported a possible crash in the curl tool when using + "curl hostwithoutslash -d data -G" + Version 7.15.3 (20 March 2006) +Daniel (20 March 2006) +- VULNERABILITY reported to us by Ulf Harnhammar. + + libcurl uses the given file part of a TFTP URL in a manner that allows a + malicious user to overflow a heap-based memory buffer due to the lack of + boundary check. + + This overflow happens if you pass in a URL with a TFTP protocol prefix + ("tftp://"), using a valid host and a path part that is longer than 512 + bytes. + + The affected flaw can be triggered by a redirect, if curl/libcurl is told to + follow redirects and an HTTP server points the client to a tftp URL with the + characteristics described above. + + The Common Vulnerabilities and Exposures (CVE) project has assigned the name + CVE-2006-1061 to this issue. + Daniel (16 March 2006) - Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included in the release archive. |
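Review bot: In the VULNERABILITY entry under "Version 7.15.3", the text describes the heap overflow from a TFTP path part longer than 512 bytes and the redirect trigger, but never says which releases are affected or that this release carries the fix. Add a closing line stating both, so a reader of CHANGES can tell whether an upgrade is needed. In the same entry, "The affected flaw can be triggered by a redirect" reads better as "The flaw can be triggered by a redirect". In the new entry above the version header, the Ilja van Sprundel item records that a possible crash was reported for "curl hostwithoutslash -d data -G" but not that it was fixed, which the commit message ("mention today's fixes") implies. Say "reported and fixed", or describe the fix the way the Dan Fandrich item does.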