curl / Mailing Lists / curl-library / Single Mail

curl-library

(lib)curl and libssh(2) usage (CVE-2018-10933)

From: Jörg Schmitz-Linneweber via curl-library <curl-library_at_cool.haxx.se>
Date: Wed, 17 Oct 2018 10:46:36 +0200

Hi All!

I'm just wondering how or better _if_ the above mentioned flaw in libssh
(or libssh2) affects curl.

In my opinion it should not have any impact since curl needs libssh
"only" for (transfer) protocols SCP and SFTP and the flaw in libssh
affects (mostly) the server side.

Of course I'll have a look in the sources. But perhaps someone has
already done this? :-)

CIA. Salut, Joerg

Jörg Schmitz-Linneweber

Wir sind umgezogen. We have moved.
Unsere neue Adresse. Our new address.

BAB TECHNOLOGIE GmbH
Hörder Burgstr. 18
44263 DORTMUND
GERMANY

Tel: +49 231 476425-30
Fax: +49 231 476425-59
Internet: www.bab-tec.de

Registergericht Dortmund, HRB 21643
Geschäftsführer: Albert Baurmann

Member of the KNX-Association
Member of the EnOcean Alliance
Member of SmartHome Initiative Deutschland e.V.

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-10-17

This message: [ Message body ]
Next message: Daniel Stenberg via curl-library: "Re: (lib)curl and libssh(2) usage (CVE-2018-10933)"
Previous message: Daniel Stenberg via curl-library: "Re: Plans to switch Visual Studio pre-generated project files from OpenSSL 1.0.2 to 1.1.1"
Next in thread: Daniel Stenberg via curl-library: "Re: (lib)curl and libssh(2) usage (CVE-2018-10933)"
Reply: Daniel Stenberg via curl-library: "Re: (lib)curl and libssh(2) usage (CVE-2018-10933)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]