On Mon, 16 Mar 2020, Daniel Stenberg via curl-users wrote:
When first realizing this, the curl team tried to filter out such attempts in order to protect applications for inadvertent probes of for example internal networks etc. This resulted in CVE-2019-15601 and the associated security fix.
Due to this, I'm going to backpedal further on CVE-2019-15601 and no longer list it on the site as a security problem on the security page [1] and the page listing previous vulnerabilities [2]. (I'll commit that change in a minute so the change will take affect within the hour.)
The page describing CVE-2019-15601 [3] will remain on the site for reference and historical reasons.
I need to come up with a place to link to it so that it can be found. Perhaps a new section for "redacted security problems" - which ideally should never get another entry added to it.
[1] = https://curl.haxx.se/docs/security.html [2] = https://curl.haxx.se/docs/vulnerabilities.html [3] = https://curl.haxx.se/docs/CVE-2019-15601.html -- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://www.wolfssl.com/contact/ ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
