Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: add warnings about FILE: URLs on Windows #5066

Closed
wants to merge 2 commits into from

Conversation

@bagder
Copy link
Member

@bagder bagder commented Mar 10, 2020

  • --url man page section
  • libcurl-security.3 gets the full text
  • CURLOPT_URL.3

Reported-by: Tim Sedlmeyer (via hackerone)


I intend to also:

  • send a special "warning" to the curl-library mailing list
  • blog about it
  • update the CVE-2019-15601 description to backpedal accordingly

I want to merge/post this information (no earlier than) March 16th to not make it get lost too much in the regular release noise this week.

To discuss: should we retract CVE-2019-15601 from the list of curl vulnerabilities or doesn't it matter?

 - --url man page section
 - libcurl-security.3 gets the full text
 - CURLOPT_URL.3

Reported-by: Tim Sedlmeyer
docs/cmdline-opts/url.d Outdated Show resolved Hide resolved
@kdudka
kdudka approved these changes Mar 10, 2020
Copy link
Collaborator

@kdudka kdudka left a comment

Nice reading.

@bagder
Copy link
Member Author

@bagder bagder commented Mar 13, 2020

I'll merge now, and announce per mail and blog on Monday.

@bagder
Copy link
Member Author

@bagder bagder commented Mar 13, 2020

Merged 0845ecb

@bagder bagder closed this Mar 13, 2020
@bagder bagder deleted the bagder/windows-file-warning branch Mar 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.