Loading CHANGES +27 −0 Original line number Diff line number Diff line Loading @@ -6,8 +6,35 @@ Changelog Daniel (20 March 2006) - Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file whose length was a multiple of 512 bytes could have random garbage appended. Also, stop processing TFTP packets which are too short to be legal. - Ilja van Sprundel reported a possible crash in the curl tool when using "curl hostwithoutslash -d data -G" Version 7.15.3 (20 March 2006) Daniel (20 March 2006) - VULNERABILITY reported to us by Ulf Harnhammar. libcurl uses the given file part of a TFTP URL in a manner that allows a malicious user to overflow a heap-based memory buffer due to the lack of boundary check. This overflow happens if you pass in a URL with a TFTP protocol prefix ("tftp://"), using a valid host and a path part that is longer than 512 bytes. The affected flaw can be triggered by a redirect, if curl/libcurl is told to follow redirects and an HTTP server points the client to a tftp URL with the characteristics described above. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-1061 to this issue. Daniel (16 March 2006) - Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included in the release archive. Loading RELEASE-NOTES +4 −3 Original line number Diff line number Diff line Loading @@ -7,7 +7,7 @@ Curl and libcurl 7.15.4 Number of public functions in libcurl: 46 Amount of public web site mirrors: 31 Number of known libcurl bindings: 32 Number of contributors: 487 Number of contributors: 492 This release includes the following changes: Loading @@ -15,7 +15,8 @@ This release includes the following changes: This release includes the following bugfixes: o o TFTP transfers could trash data o -d + -G combo crash Other curl-related news since the previous public release: Loading 
@@ -24,6 +25,6 @@ Other curl-related news since the previous public release: This release would not have looked like this without help, code, reports and advice from friends like these: Dan Fandrich, Ilja van Sprundel Thanks! (and sorry if I forgot to mention someone) Loading
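Review bot: In the CHANGES hunk, the VULNERABILITY entry gives the trigger (a "tftp://" URL with a path part longer than 512 bytes, also reachable through a followed HTTP redirect) and the name CVE-2006-1061, but it never says which releases are affected or that 7.15.3 carries the fix. The reader has to infer that from the "Version 7.15.3 (20 March 2006)" heading above it. Suggest adding one sentence that names the affected version range and the fixed release, and rewording "The affected flaw can be triggered by a redirect" to "The flaw can be triggered by a redirect". The TFTP entry at the top of the same hunk would also be clearer if it said what happens to the transfer when a too-short packet arrives (packet ignored or transfer failed).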
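Review bot: In the RELEASE-NOTES bugfix hunk, "TFTP transfers could trash data" covers only one of the two TFTP fixes recorded in CHANGES. The change to "stop processing TFTP packets which are too short to be legal" has no bullet of its own. Suggest adding one, and making the existing bullet specific enough for users to tell whether they were hit, for example by saying that received files whose length is a multiple of 512 bytes could have garbage appended.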