Date: Wed, 4 Mar 2009 18:22:31 +0200
From: Peter Pentchev
To: Daniel Bond
Cc: freebsd-security@freebsd.org
Subject: Re: New CURL Advisory (fixed in 7.19.4)
Message-ID: <20090304162231.GA1043@straylight.m.ringlet.net>
In-Reply-To: <268B6D1D-474F-4D59-AA2D-C495F2F55B67@danielbond.org>

On Wed, Mar 04, 2009 at 03:29:04PM +0100, Daniel Bond wrote:
> Hi,
>
> Noticed quite an ugly bug in CURL today:
> http://curl.haxx.se/docs/adv_20090303.html
> .. If you didn't see this already :)
>
> here is also the CVE entry for it:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
>
> Thanks to the freebsd security team for doing great work, and Neil
> Blakey-Milner for maintaining this port.

Yes, thanks for reporting this :)  Actually, Mark Foster had already
filed a PR about this, and I committed the VuXML entry a while ago.
I'll update the curl port ASAP now.

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net    roam@space.bg    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence was in the past tense.