On 1/12/22 12:33, Daniel Stenberg via curl-library wrote:
Hi team,

Just a FYI:

Yesterday, Microsoft published information[1] and upgrade details for fixing their version of curl in regards to the problem called CVE-2021-22947 that we reported back in September 2021 [2].

In their great wisdom, without asking us or reading our description, they decided this is a "Remote Code Execution Vulnerability".

I obviously disagree with that description.

Me too !

But it's really not the first time they do something wrong about security :-( What did you expect after all these years of erring ?...

;-)

--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Reply via email to