Hello,
I hope this email finds you well. I apologize for the interruption, but I
recently noticed that the CURL website provides both the commit that introduced
CVE-2022-27779[1] and the corresponding patch. However, the MD5 checksums of
the modified files in these two versions do not match[2][3].
I would like to understand the reason for this discrepancy. Could it be that
this vulnerability only exists when the libpsl parameter is set?
I would greatly appreciate any clarification you could provide. Thank you for
your time and assistance.
Best regards.
[1] https://curl.se/docs/CVE-2022-27779.html
[2] Introduce commit: https://github.com/curl/curl/commit/b27ad8e1d3e68e
[3] Patch:
https://github.com/curl/curl/commit/7e92d12b4e6911f424678a133b19de670e183a59
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
