cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [SECURITY ADVISORY] libcurl SASL buffer overflow

From: Alessandro Ghedini <alessandro_at_ghedini.me>
Date: Sun, 10 Feb 2013 17:17:14 +0100

On mer, feb 06, 2013 at 11:24:36 +0100, Daniel Stenberg wrote:
> 4. RECOMMENDATIONS
>
> We suggest you take one of the following actions immediately, in order of
> preference:
>
> A - Upgrade to curl and libcurl 7.29.0
>
> B - Apply this patch and rebuild libcurl
>
> http://curl.haxx.se/curl-sasl.patch

I'm working on adapting the above patch for curl 7.26.0 which is the version
currently in Debian Wheezy (being it in freeze, it's not possible to update to
7.29.0).

Could someone please have a look at the attached patch? Is it enough, or is
there someting I've missed?

Thanks

-- 
perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

text/x-diff attachment: 05_curl-sasl-CVE-2013-0249.patch

application/pgp-signature attachment: Digital signature

Received on 2013-02-10

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: [SECURITY ADVISORY] libcurl SASL buffer overflow"
Previous message: plot.lost: "Re: SSL handshake problems"
In reply to: Daniel Stenberg: "[SECURITY ADVISORY] libcurl SASL buffer overflow"
Next in thread: Daniel Stenberg: "Re: [SECURITY ADVISORY] libcurl SASL buffer overflow"
Reply: Daniel Stenberg: "Re: [SECURITY ADVISORY] libcurl SASL buffer overflow"
Reply: Steve Holme: "RE: [SECURITY ADVISORY] libcurl SASL buffer overflow"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]