curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

CVE archeology

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 10 May 2022 16:32:18 +0200 (CEST)

Hi friends.

For several older security advisories done years ago, I remember that I put
"7.1" as the first vulnerable version a little by habit because the flaw was
really old and I was too lazy to find the exact version.

I did it now. I went back and dug up the actual version that introduced the 11
CVEs that previously had 7.1 as the first vulnerable version. I figured it
could be valuable to have more accurate vulnerability data.

For versions before 6.5 (that aren't present in git), I've used the changelog
and a few saved snapshots.

See https://github.com/curl/curl-www/pull/183

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2022-05-10