cURL / Mailing Lists / curl-library / Single Mail

curl-library

securityfocus.com inaccuracies

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Mon, 7 Mar 2005 16:37:23 +0100 (CET)

While we're on the subject of bad security advisories, a little amusement is
this:

http://www.securityfocus.com/bid/12616

I would like to point out the list of "vulnerable" versions. The list includes
numerous versions that was released before curl even had the features that the
advisory is for. ;-)

The list of affected versions also lack numerous versions. They could've just
said vulnerable: curl 7.3 up to and including curl 7.13.0.

I've mailed them about. I don't think it'll change anything. I've tried to
have them correct the previous advisories they have on curl too in the past.
They don't seem to care.

-- 
      Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
       Dedicated custom curl help for hire: http://haxx.se/curl.html

Received on 2005-03-07

This message: [ Message body ]
Next message: Michael Mastroianni: "RE: curl_easy_init_options (Was: Re: ARES configuration)"
Previous message: Daniel Stenberg: "new multi interface functions, continued"
Next in thread: Dan Fandrich: "Re: securityfocus.com inaccuracies"
Reply: Dan Fandrich: "Re: securityfocus.com inaccuracies"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]