OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: New CURL Advisory (fixed in 7.19.4)

From: Peter Pentchev (roamringlet.net)
Date: Wed Mar 04 2009 - 10:22:31 CST


On Wed, Mar 04, 2009 at 03:29:04PM +0100, Daniel Bond wrote:
> Hi,
>
> Noticed quite an ugly bug in CURL today:
> http://curl.haxx.se/docs/adv_20090303.html
> .. If you didn't see this allready :)
>
> here is also the CVE entry for it:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
>
> Thanks to the freebsd security team for doing great work, and Neil
> Blakey-Milner for maintaining this port.

Yes, thanks for reporting this :) Actually, Mark Foster had already
filed a PR about this, and I committed the VuXML entry a while ago.
I'll update the curl port ASAP now.

G'luck,
Peter

--
Peter Pentchev roamringlet.net roamspace.bg roamFreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence was in the past tense.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (FreeBSD)

iEYEARECAAYFAkmuqscACgkQ7Ri2jRYZRVMa2QCeIQmyWEwHJrYO+Ntnb/XLISad
Q1kAoJFUSeS7KdSc31GLEWM7orXyFIrn
=/bK7
-----END PGP SIGNATURE-----