Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
CVE archeology
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 10 May 2022 16:32:18 +0200 (CEST)
Hi friends.
For several older security advisories done years ago, I remember that I put
"7.1" as the first vulnerable version a little by habit because the flaw was
really old and I was too lazy to find the exact version.
I did it now. I went back and dug up the actual version that introduced the 11
CVEs that previously had 7.1 as the first vulnerable version. I figured it
could be valuable to have more accurate vulnerability data.
For versions before 6.5 (that aren't present in git), I've used the changelog
and a few saved snapshots.
See https://github.com/curl/curl-www/pull/183
Date: Tue, 10 May 2022 16:32:18 +0200 (CEST)
Hi friends.
For several older security advisories done years ago, I remember that I put
"7.1" as the first vulnerable version a little by habit because the flaw was
really old and I was too lazy to find the exact version.
I did it now. I went back and dug up the actual version that introduced the 11
CVEs that previously had 7.1 as the first vulnerable version. I figured it
could be valuable to have more accurate vulnerability data.
For versions before 6.5 (that aren't present in git), I've used the changelog
and a few saved snapshots.
See https://github.com/curl/curl-www/pull/183
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2022-05-10