Hi team, Just a FYI:
Yesterday, Microsoft published information[1] and upgrade details for fixing their version of curl in regards to the problem called CVE-2021-22947 that we reported back in September 2021 [2].
In their great wisdom, without asking us or reading our description, they decided this is a "Remote Code Execution Vulnerability".
I obviously disagree with that description. [1] = https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-22947 [2] = https://curl.se/docs/CVE-2021-22947.html -- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
