FTP shutdown response buffer overflow
=====================================
Project curl Security Advisory, May 16th 2018 -
[Permalink](https://curl.haxx.se/docs/adv_2018-82c2.html)
VULNERABILITY
-------------
curl might overflow a heap based memory buffer when closing down an FTP
connection
Hi!
I'm happy and proud to tell you that curl 7.60.0 has now been packaged and
released. This time, we're announcing two new security advisories in sync with
this release.
As always, get the latest release and all associated information from
https://curl.haxx.se
Curl and libcurl 7.60.0
Hi,
I have a question concerning the Mozilla CA Certificates bundle
encoding and a proposal for supporting in-memory certificates.
On this page:
https://curl.haxx.se/docs/caextract.html
it is possible to download one of several PEM files containing
the Mozilla CA Certificates bundle. In
On Wed, 16 May 2018, Zach van Rijn wrote:
two entries (lines 1171 and 2638 respectively) have comments that are in
UTF-8, which I noticed today, pasted below for reference:
...
Should these be converted [via 'mk-ca-bundle'], ignored [leave the file
as-is] or some other option?
I think
RTSP bad headers buffer over-read
=================================
Project curl Security Advisory, May 16th 2018 -
[Permalink](https://curl.haxx.se/docs/adv_2018-b138.html)
VULNERABILITY
-------------
curl can be tricked into reading data beyond the end of a heap based buffer
used to store
On Thu, 2018-05-17 at 00:51 +0200, Daniel Stenberg wrote:
> On Wed, 16 May 2018, Zach van Rijn wrote:
>
> > ...
>
> I think that as long as nobody reports a problem with them
> being left as-is we can just let them be. Unless someone feels
> an urge to dig in and figure out what the "right" way