Changelog
+Daniel (20 March 2006)
+- Dan Fandrich fixed two TFTP problems: Fixed a bug whereby a received file
+ whose length was a multiple of 512 bytes could have random garbage
+ appended. Also, stop processing TFTP packets which are too short to be
+ legal.
+
+- Ilja van Sprundel reported a possible crash in the curl tool when using
+ "curl hostwithoutslash -d data -G"
+
Version 7.15.3 (20 March 2006)
+Daniel (20 March 2006)
+- VULNERABILITY reported to us by Ulf Harnhammar.
+
+ libcurl uses the given file part of a TFTP URL in a manner that allows a
+ malicious user to overflow a heap-based memory buffer due to the lack of
+ boundary check.
+
+ This overflow happens if you pass in a URL with a TFTP protocol prefix
+ ("tftp://"), using a valid host and a path part that is longer than 512
+ bytes.
+
+ The affected flaw can be triggered by a redirect, if curl/libcurl is told to
+ follow redirects and an HTTP server points the client to a tftp URL with the
+ characteristics described above.
+
+ The Common Vulnerabilities and Exposures (CVE) project has assigned the name
+ CVE-2006-1061 to this issue.
+
Daniel (16 March 2006)
- Tor Arntsen provided a RPM spec file for AIX Toolbox, that now is included
in the release archive.
Number of public functions in libcurl: 46
Amount of public web site mirrors: 31
Number of known libcurl bindings: 32
- Number of contributors: 487
+ Number of contributors: 492
This release includes the following changes:
This release includes the following bugfixes:
- o
+ o TFTP transfers could trash data
+ o -d + -G combo crash
Other curl-related news since the previous public release:
This release would not have looked like this without help, code, reports and
advice from friends like these:
-
+ Dan Fandrich, Ilja van Sprundel
Thanks! (and sorry if I forgot to mention someone)
projects / curl / commitdiff