aboutsummaryrefslogtreecommitdiff
path: root/CHANGES
diff options
context:
space:
mode:
Diffstat (limited to 'CHANGES')
-rw-r--r--CHANGES27
1 files changed, 27 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index ab2f4ce81..a67e4d50a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,8 +6,35 @@
Changelog
+Daniel (20 March 2006)
+- Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file
+ whose length was a multiple of 512 bytes could have random garbage
+ appended. Also, stop processing TFTP packets which are too short to be
+ legal.
+
+- Ilja van Sprundel reported a possible crash in the curl tool when using
+ "curl hostwithoutslash -d data -G"
+
Version 7.15.3 (20 March 2006)
+Daniel (20 March 2006)
+- VULNERABILITY reported to us by Ulf Harnhammar.
+
+ libcurl uses the given file part of a TFTP URL in a manner that allows a
+ malicious user to overflow a heap-based memory buffer due to the lack of
+ boundary check.
+
+ This overflow happens if you pass in a URL with a TFTP protocol prefix
+ ("tftp://"), using a valid host and a path part that is longer than 512
+ bytes.
+
+ The affected flaw can be triggered by a redirect, if curl/libcurl is told to
+ follow redirects and an HTTP server points the client to a tftp URL with the
+ characteristics described above.
+
+ The Common Vulnerabilities and Exposures (CVE) project has assigned the name
+ CVE-2006-1061 to this issue.
+
Daniel (16 March 2006)
- Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included
in the release archive.