curl / Mailing Lists / curl-library / Single Mail

Buy commercial curl support. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder Daniel himself.

Re: Some question about CVE-2022-27779

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 25 Mar 2025 13:27:47 +0100 (CET)

On Tue, 25 Mar 2025, 陈星杵 via curl-library wrote:

> Sorry, I expressed myself incorrectly. I mean that the file in the patch was
> inconsistent with the file in the introduce commit.[1] [2]

So let me get this clear: you are saying that the bug was introduced by
changing one file and the subsequent fix was done by changing another file and
you are asking if this is correct?

The CVE details document when the bug was introduced and how we fixed it. If
you think that is wrong then I think you should try to prove that or provide
reasoning to back that up. Just the fact that the bug and the fix were done in
different files seem to be a completely irrelevant argument.

I believe that data to be correct and I have seen nothing that contridicts
this belief.

-- 
  / daniel.haxx.se || https://rock-solid.curl.dev

-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Received on 2025-03-25

This message: [ Message body ]
Next message: Daniel Stenberg via curl-library: "curl up 2025 registration is open"
Previous message: 陈星杵 via curl-library: "Some question about CVE-2022-27779"
In reply to: 陈星杵 via curl-library: "Some question about CVE-2022-27779"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]