Permalink
Browse files

7.15.0 time

  • Loading branch information...
1 parent 943aea6 commit 96cec4dfd7daa3ff87bad2140f28745d8417581e @bagder bagder committed Oct 13, 2005
Showing with 18 additions and 1 deletion.
  1. +16 −0 CHANGES
  2. +2 −1 RELEASE-NOTES
View
16 CHANGES
@@ -8,6 +8,22 @@
+Version 7.15.0 (13 October 2005)
+
+Daniel (12 October 2005)
+- Michael Sutton of iDEFENSE reported and I fixed a securitfy flaw in the NTLM
+ code that would overflow a buffer if given a too long user name or domain
+ name. This would happen if you enable NTLM authentication and either
+
+ A - pass in a user name and domain name to libcurl that together are longer
+ than 192 bytes
+
+ B - allow (lib)curl to follow HTTP "redirects" (Location: and the
+ appropriate HTTP 30x response code) and the new URL contains a URL with
+ a user name and domain name that together are longer than 192 bytes
+
+ See http://curl.haxx.se/docs/security.html for further details and updates
+
Daniel (5 October 2005)
- Darryl House reported a problem with using -z to download files from FTP.
It turned out that if the given time stamp was exact the same as the remote
View
@@ -5,7 +5,7 @@ Curl and libcurl 7.15.0
Available command line options: 109
Available curl_easy_setopt() options: 124
Number of public functions in libcurl: 46
- Amount of public web site mirrors: 25
+ Amount of public web site mirrors: 24
Number of known libcurl bindings: 32
Number of contributors: 451
@@ -16,6 +16,7 @@ This release includes the following changes:
This release includes the following bugfixes:
+ o user+domain name buffer overflow in the NTLM code (security flaw)
o -z over FTP now considers equal timestamps "not modified since"
o Weird characters removed from the configure script
o Fixed time zone offsets for MEST and CEST for the time parser

0 comments on commit 96cec4d

Please sign in to comment.