On 1/12/22 12:33, Daniel Stenberg via curl-library wrote:
Hi team,
Just a FYI:
Yesterday, Microsoft published information[1] and upgrade details for
fixing their version of curl in regards to the problem called
CVE-2021-22947 that we reported back in September 2021 [2].
In their great wisdom, without asking us or reading our description,
they decided this is a "Remote Code Execution Vulnerability".
I obviously disagree with that description.
Me too !
But it's really not the first time they do something wrong about
security :-( What did you expect after all these years of erring ?...
;-)
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html