cURL / Mailing Lists / curl-library / Single Mail


Re: Regression on FTP connections with --anyauth

From: Daniel Stenberg <>
Date: Tue, 25 Feb 2014 22:49:00 +0100 (CET)

On Mon, 24 Feb 2014, Dan Fandrich wrote:

> It's probably worthwhile updating the security advisory at
> as it advocates applying just
> commit 8ae35102 as a fix to the original security issue. By my reckoning,
> the fix should be 8ae35102 followed by 378af08c followed by d7650998. The
> 7.27.0 patch at suffers from
> the same problem.

I agree completely, we really should. I'll try to create an amended version of
the patches that take the subsequent fixes into account as well. When I get
home again with some cycles to spare... Unless someone does it before me of

List admin:
Received on 2014-02-25