curl-library
Re: Regression on FTP connections with --anyauth
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 25 Feb 2014 22:49:00 +0100 (CET)
Date: Tue, 25 Feb 2014 22:49:00 +0100 (CET)
On Mon, 24 Feb 2014, Dan Fandrich wrote:
> It's probably worthwhile updating the security advisory at
> http://curl.haxx.se/docs/adv_20140129.html as it advocates applying just
> commit 8ae35102 as a fix to the original security issue. By my reckoning,
> the fix should be 8ae35102 followed by 378af08c followed by d7650998. The
> 7.27.0 patch at http://curl.haxx.se/CVE-2014-0015-7-27.patch suffers from
> the same problem.
I agree completely, we really should. I'll try to create an amended version of
the patches that take the subsequent fixes into account as well. When I get
home again with some cycles to spare... Unless someone does it before me of
course!
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2014-02-25