From owner-freebsd-security@FreeBSD.ORG Wed Mar 4 14:55:45 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5A1C110656DC for ; Wed, 4 Mar 2009 14:55:45 +0000 (UTC) (envelope-from db@danielbond.org) Received: from mail.nsn.no (mailtwo.nsn.no [62.89.38.161]) by mx1.freebsd.org (Postfix) with SMTP id E3F6C8FC22 for ; Wed, 4 Mar 2009 14:55:44 +0000 (UTC) (envelope-from db@danielbond.org) Received: (qmail 83641 invoked by uid 0); 4 Mar 2009 14:29:04 -0000 Received: from unknown (HELO ?172.16.3.90?) (85.95.44.187) by mail.nsn.no with SMTP; 4 Mar 2009 14:29:04 -0000 Message-Id: <268B6D1D-474F-4D59-AA2D-C495F2F55B67@danielbond.org> From: Daniel Bond To: roam@FreeBSD.org Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v930.3) Date: Wed, 4 Mar 2009 15:29:04 +0100 X-Mailer: Apple Mail (2.930.3) Cc: freebsd-security@freebsd.org Subject: New CURL Advisory (fixed in 7.19.4) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Mar 2009 14:55:45 -0000 Hi, Noticed quite an ugly bug in CURL today: http://curl.haxx.se/docs/adv_20090303.html .. If you didn't see this allready :) here is also the CVE entry for it: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037 Thanks to the freebsd security team for doing great work, and Neil Blakey-Milner for maintaining this port. Cheers! DB.