Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Warning: using file:// on Windows with curl
From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 16 Mar 2020 08:41:06 +0100 (CET)
Date: Mon, 16 Mar 2020 08:41:06 +0100 (CET)
On Mon, 16 Mar 2020, Jeffrey Walton wrote:
>> The conclusion we have come to is that this is a weakness or feature in the
>> Windows operating system itself, that we as an application cannot safely
>> protect users against.
> How did someone manage to get CVE-2019-15601 assigned to cURL for this? More
> useless crap from snake oil firms?
"Someone" reported the issue to us and we (the curl security team) considered
it a flaw. We then tried to filter paths to avoid triggering this behavior,
but recently we were made aware that it can be done numerous other ways as
well.
--
/ daniel.haxx.se | Commercial curl support up to 24x7 is available!
| Private help, bug fixes, support, ports, new features
| https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-03-16