curl-library

Re: Regression on FTP connections with --anyauth

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 25 Feb 2014 22:49:00 +0100 (CET)

On Mon, 24 Feb 2014, Dan Fandrich wrote:

> It's probably worthwhile updating the security advisory at
> http://curl.haxx.se/docs/adv_20140129.html as it advocates applying just
> commit 8ae35102 as a fix to the original security issue. By my reckoning,
> the fix should be 8ae35102 followed by 378af08c followed by d7650998. The
> 7.27.0 patch at http://curl.haxx.se/CVE-2014-0015-7-27.patch suffers from
> the same problem.

I agree completely, we really should. I'll try to create an amended version of
the patches that take the subsequent fixes into account as well. When I get
home again with some cycles to spare... Unless someone does it before me of
course!

-- 
  / daniel.haxx.se
Received on 2014-02-25