On Sat, 10 Dec 2005, Martin Schulze wrote:
7.9.5-1 is not affected either.
Are you sure? Even though the code is quite different, the buffer extension
part of the patch also applied to the woody package.
Since 7.9.5 is way older than the particular code that this problem concerns,
it just _can't_ be vulnerable to this. It might be vulnerable to similar
things, but not exactly this.
It seems we have never talked about CVE-2005-3185 before. And even worse,
when I checked I didn't find the offending file in the archive.
I'm not sure what that means, but Domenico got informed about CVE-2005-3185
within hours after I did, and his curl 7.15.0-1 release mentions it and the
closing of the corresponding debian bug report: #333734
--
-=- Daniel Stenberg -=- http://daniel.haxx.se -=-
ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
