Loading CHANGES +16 −0 Original line number Original line Diff line number Diff line Loading @@ -8,6 +8,22 @@ Version 7.15.0 (13 October 2005) Daniel (12 October 2005) - Michael Sutton of iDEFENSE reported and I fixed a securitfy flaw in the NTLM code that would overflow a buffer if given a too long user name or domain name. This would happen if you enable NTLM authentication and either A - pass in a user name and domain name to libcurl that together are longer than 192 bytes B - allow (lib)curl to follow HTTP "redirects" (Location: and the appropriate HTTP 30x response code) and the new URL contains a URL with a user name and domain name that together are longer than 192 bytes See http://curl.haxx.se/docs/security.html for further details and updates Daniel (5 October 2005) Daniel (5 October 2005) - Darryl House reported a problem with using -z to download files from FTP. - Darryl House reported a problem with using -z to download files from FTP. It turned out that if the given time stamp was exact the same as the remote It turned out that if the given time stamp was exact the same as the remote Loading RELEASE-NOTES +2 −1 Original line number Original line Diff line number Diff line Loading @@ -5,7 +5,7 @@ Curl and libcurl 7.15.0 Available command line options: 109 Available command line options: 109 Available curl_easy_setopt() options: 124 Available curl_easy_setopt() options: 124 Number of public functions in libcurl: 46 Number of public functions in libcurl: 46 Amount of public web site mirrors: 25 Amount of public web site mirrors: 24 Number of known libcurl bindings: 32 Number of known libcurl bindings: 32 Number of contributors: 451 Number of contributors: 451 Loading @@ -16,6 +16,7 @@ This release includes the following changes: This release includes the following bugfixes: This release includes the following bugfixes: o user+domain name buffer overflow in the NTLM code (security flaw) o -z over FTP now considers equal timestamps "not modified since" o -z over FTP now considers equal timestamps "not modified since" o Weird characters removed from the configure script o Weird characters removed from the configure script o Fixed time zone offsets for MEST and CEST for the time parser o Fixed time zone offsets for MEST and CEST for the time parser Loading Loading
CHANGES +16 −0 Original line number Original line Diff line number Diff line Loading @@ -8,6 +8,22 @@ Version 7.15.0 (13 October 2005) Daniel (12 October 2005) - Michael Sutton of iDEFENSE reported and I fixed a securitfy flaw in the NTLM code that would overflow a buffer if given a too long user name or domain name. This would happen if you enable NTLM authentication and either A - pass in a user name and domain name to libcurl that together are longer than 192 bytes B - allow (lib)curl to follow HTTP "redirects" (Location: and the appropriate HTTP 30x response code) and the new URL contains a URL with a user name and domain name that together are longer than 192 bytes See http://curl.haxx.se/docs/security.html for further details and updates Daniel (5 October 2005) Daniel (5 October 2005) - Darryl House reported a problem with using -z to download files from FTP. - Darryl House reported a problem with using -z to download files from FTP. It turned out that if the given time stamp was exact the same as the remote It turned out that if the given time stamp was exact the same as the remote Loading
RELEASE-NOTES +2 −1 Original line number Original line Diff line number Diff line Loading @@ -5,7 +5,7 @@ Curl and libcurl 7.15.0 Available command line options: 109 Available command line options: 109 Available curl_easy_setopt() options: 124 Available curl_easy_setopt() options: 124 Number of public functions in libcurl: 46 Number of public functions in libcurl: 46 Amount of public web site mirrors: 25 Amount of public web site mirrors: 24 Number of known libcurl bindings: 32 Number of known libcurl bindings: 32 Number of contributors: 451 Number of contributors: 451 Loading @@ -16,6 +16,7 @@ This release includes the following changes: This release includes the following bugfixes: This release includes the following bugfixes: o user+domain name buffer overflow in the NTLM code (security flaw) o -z over FTP now considers equal timestamps "not modified since" o -z over FTP now considers equal timestamps "not modified since" o Weird characters removed from the configure script o Weird characters removed from the configure script o Fixed time zone offsets for MEST and CEST for the time parser o Fixed time zone offsets for MEST and CEST for the time parser Loading
