diff options
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 27 |
1 files changed, 27 insertions, 0 deletions
@@ -6,8 +6,35 @@ Changelog +Daniel (20 March 2006) +- Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file + whose length was a multiple of 512 bytes could have random garbage + appended. Also, stop processing TFTP packets which are too short to be + legal. + +- Ilja van Sprundel reported a possible crash in the curl tool when using + "curl hostwithoutslash -d data -G" + Version 7.15.3 (20 March 2006) +Daniel (20 March 2006) +- VULNERABILITY reported to us by Ulf Harnhammar. + + libcurl uses the given file part of a TFTP URL in a manner that allows a + malicious user to overflow a heap-based memory buffer due to the lack of + boundary check. + + This overflow happens if you pass in a URL with a TFTP protocol prefix + ("tftp://"), using a valid host and a path part that is longer than 512 + bytes. + + The affected flaw can be triggered by a redirect, if curl/libcurl is told to + follow redirects and an HTTP server points the client to a tftp URL with the + characteristics described above. + + The Common Vulnerabilities and Exposures (CVE) project has assigned the name + CVE-2006-1061 to this issue. + Daniel (16 March 2006) - Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included in the release archive. |