Date: Wed, 4 Mar 2009 18:22:31 +0200 From: Peter Pentchev <roam@ringlet.net> To: Daniel Bond <db@danielbond.org> Cc: freebsd-security@freebsd.org Subject: Re: New CURL Advisory (fixed in 7.19.4) Message-ID: <20090304162231.GA1043@straylight.m.ringlet.net> In-Reply-To: <268B6D1D-474F-4D59-AA2D-C495F2F55B67@danielbond.org> References: <268B6D1D-474F-4D59-AA2D-C495F2F55B67@danielbond.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--pf9I7BMVVzbSWLtt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 04, 2009 at 03:29:04PM +0100, Daniel Bond wrote: > Hi, >=20 > Noticed quite an ugly bug in CURL today: > http://curl.haxx.se/docs/adv_20090303.html=20 > .. If you didn't see this allready :) >=20 > here is also the CVE entry for it: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2009-0037 >=20 > Thanks to the freebsd security team for doing great work, and Neil =20 > Blakey-Milner for maintaining this port. Yes, thanks for reporting this :) Actually, Mark Foster had already filed a PR about this, and I committed the VuXML entry a while ago. I'll update the curl port ASAP now. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@space.bg roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence was in the past tense. --pf9I7BMVVzbSWLtt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (FreeBSD) iEYEARECAAYFAkmuqscACgkQ7Ri2jRYZRVMa2QCeIQmyWEwHJrYO+Ntnb/XLISad Q1kAoJFUSeS7KdSc31GLEWM7orXyFIrn =/bK7 -----END PGP SIGNATURE----- --pf9I7BMVVzbSWLtt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090304162231.GA1043>