Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: curl in Windows found vulnerable by scanners
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Spork Schivago via curl-users <curl-users_at_lists.haxx.se>
Date: Wed, 1 Nov 2023 18:50:57 -0400
On Wed, Nov 1, 2023, 18:31 Daniel Stenberg via curl-users <
curl-users_at_lists.haxx.se> wrote:
> Hello
>
> People keep emailing me about their security scanners finding that the
> curl
> tool version shipped in Windows contains several CVEs. (It still ships
> curl
> 8.0.1)
>
> I'm afraid that all parts of Windows, including the bundled curl tool, is
> managed by and shipped by Microsoft. Only they can upgrade Windows - and
> in
> this aspect curl is to be counted as a part of that.
>
> This email is posted here as an attempt to reach more people with this
> information.
>
> --
>
> / daniel.haxx.se
> | Commercial curl support up to 24x7 is available!
> | Private help, bug fixes, support, ports, new features
> | https://curl.se/support.html
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
> Etiquette: https://curl.se/mail/etiquette.html
So for possible remediations to these vulnerabilities with curl 8.0.1 that
is bundled with Windows, we should reach out to Microsoft?
Thanks!
Date: Wed, 1 Nov 2023 18:50:57 -0400
On Wed, Nov 1, 2023, 18:31 Daniel Stenberg via curl-users <
curl-users_at_lists.haxx.se> wrote:
> Hello
>
> People keep emailing me about their security scanners finding that the
> curl
> tool version shipped in Windows contains several CVEs. (It still ships
> curl
> 8.0.1)
>
> I'm afraid that all parts of Windows, including the bundled curl tool, is
> managed by and shipped by Microsoft. Only they can upgrade Windows - and
> in
> this aspect curl is to be counted as a part of that.
>
> This email is posted here as an attempt to reach more people with this
> information.
>
> --
>
> / daniel.haxx.se
> | Commercial curl support up to 24x7 is available!
> | Private help, bug fixes, support, ports, new features
> | https://curl.se/support.html
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
> Etiquette: https://curl.se/mail/etiquette.html
So for possible remediations to these vulnerabilities with curl 8.0.1 that
is bundled with Windows, we should reach out to Microsoft?
Thanks!
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-11-01