On Tue, 25 Mar 2025, 陈星杵 via curl-library wrote:
Sorry, I expressed myself incorrectly. I mean that the file in the patch was
inconsistent with the file in the introduce commit.[1] [2]
So let me get this clear: you are saying that the bug was introduced by
changing one file and the subsequent fix was done by changing another file and
you are asking if this is correct?
The CVE details document when the bug was introduced and how we fixed it. If
you think that is wrong then I think you should try to prove that or provide
reasoning to back that up. Just the fact that the bug and the fix were done in
different files seem to be a completely irrelevant argument.
I believe that data to be correct and I have seen nothing that contridicts
this belief.
--
/ daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
