author | Daniel Stenberg <daniel@haxx.se> | 2010-02-09 09:35:48 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2010-02-09 09:35:48 +0000 |
commit | 06ae8ca5a6e452e5cb555c1a511a9df8dec6657c (patch) | |
tree | 4da3bde9c75aa774767e854132634386f6bac1d3 /RELEASE-NOTES | |
parent | d33da42334169ad2a1c94571fc51e3735973097b (diff) |
- When downloading compressed content over HTTP and the app has asked libcurl
to automatically uncompress it with the CURLOPT_ENCODING option, libcurl
could wrongly provide the callback with more data than the maximum
documented amount. An application could thus get tricked into badness if the
maximum limit was trusted to be enforced by libcurl itself (as it is
documented).
This is further detailed and explained in the libcurl security advisory
20100209 at
http://curl.haxx.se/docs/adv_20100209.html
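A write callback that does not rely on the documented maximum, as an added example that is not part of this commit or of libcurl's own code: it uses the CURLOPT_WRITEFUNCTION callback signature and rejects any delivery that would not fit the destination. The `struct sink` type, the `bounded_write_cb` name and the `MAX_WRITE_SIZE` macro (set to the value of libcurl's `CURL_MAX_WRITE_SIZE`, 16384) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: same value as libcurl's CURL_MAX_WRITE_SIZE (16384). */
#define MAX_WRITE_SIZE 16384

/* Hypothetical destination buffer with an explicit capacity. */
struct sink {
    char  *buf;
    size_t cap;
    size_t used;
};

/* Same signature as a CURLOPT_WRITEFUNCTION callback. Returning a value
 * other than size * nmemb tells libcurl to abort the transfer. */
size_t bounded_write_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct sink *s = userdata;
    size_t len;

    /* Reject a size * nmemb product that would wrap around. */
    if (size != 0 && nmemb > (size_t)-1 / size)
        return 0;
    len = size * nmemb;

    /* Check against the space actually left, not the documented maximum. */
    if (len > s->cap - s->used)
        return 0;

    memcpy(s->buf + s->used, ptr, len);
    s->used += len;
    return len;
}

int main(void)
{
    static char store[MAX_WRITE_SIZE];
    static char chunk[MAX_WRITE_SIZE + 1]; /* constructed oversized delivery */
    struct sink s = { store, sizeof store, 0 };
    size_t got = bounded_write_cb(chunk, 1, sizeof chunk, &s);

    printf("oversized chunk: %s\n", got == sizeof chunk ? "accepted" : "rejected");
    return 0;
}
```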
Diffstat (limited to 'RELEASE-NOTES')
-rw-r--r-- | RELEASE-NOTES | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 22f362085..fceaafc64 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -52,6 +52,8 @@ This release includes the following bugfixes: o FTP file size checks with ASCII transfers o HTTP Cookie: headers sort cookies based on specified path lengths o CURLM_CALL_MULTI_PERFORM fix for multi socket timeout calls + o libcurl data callback excessive length: + http://curl.haxx.se/docs/adv_20100209.html This release includes the following known bugs: @@ -66,6 +68,6 @@ advice from friends like these: Markus Koetter, Chad Monroe, Martin Storsjo, Siegfried Gyuricsko, Jon Nelson, Julien Chaffraix, Renato Botelho, Peter Pentchev, Ingmar Runge, Johan van Selst, Charles Kerr, Gil Weber, David McCreedy, Chris Conroy, - Bjorn Stenberg, Mike Crowe, Joshua Kwan, Daniel Fandrich + Bjorn Stenberg, Mike Crowe, Joshua Kwan, Daniel Fandrich, Wesley Miaw Thanks! (and sorry if I forgot to mention someone) |
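Review bot: the new bugfix entry in the first hunk, "libcurl data callback excessive length:", does not say when the problem occurs or that it is a security fix, so a reader scanning RELEASE-NOTES sees only a short title and a URL. The commit message ties the issue to compressed HTTP content with CURLOPT_ENCODING and to security advisory 20100209; consider putting that condition into the entry itself, for example "libcurl data callback excessive length with automatic decompression (security advisory)". In the second hunk, Wesley Miaw is added to the thanks list without any mention in the commit message; a word on the contribution being credited would make the change self-explanatory.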