Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Microsoft on CVE-2021-22947
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Patrick Monnerat via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 12 Jan 2022 16:25:30 +0100
On 1/12/22 12:33, Daniel Stenberg via curl-library wrote:
> Hi team,
>
> Just a FYI:
>
> Yesterday, Microsoft published information[1] and upgrade details for
> fixing their version of curl in regards to the problem called
> CVE-2021-22947 that we reported back in September 2021 [2].
>
> In their great wisdom, without asking us or reading our description,
> they decided this is a "Remote Code Execution Vulnerability".
>
> I obviously disagree with that description.
Me too !
But it's really not the first time they do something wrong about
security :-( What did you expect after all these years of erring ?...
;-)
Date: Wed, 12 Jan 2022 16:25:30 +0100
On 1/12/22 12:33, Daniel Stenberg via curl-library wrote:
> Hi team,
>
> Just a FYI:
>
> Yesterday, Microsoft published information[1] and upgrade details for
> fixing their version of curl in regards to the problem called
> CVE-2021-22947 that we reported back in September 2021 [2].
>
> In their great wisdom, without asking us or reading our description,
> they decided this is a "Remote Code Execution Vulnerability".
>
> I obviously disagree with that description.
Me too !
But it's really not the first time they do something wrong about
security :-( What did you expect after all these years of erring ?...
;-)
-- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2022-01-12