cURL / Mailing Lists / curl-library / Single Mail


Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections

From: Dan Fandrich <>
Date: Sun, 30 Mar 2014 22:04:54 +0200

On Sun, Mar 30, 2014 at 03:34:49PM +0200, Alessandro Ghedini wrote:
> I've been trying to backport that patch to curl 7.26.0 (used in Debian stable),
> but I've noticed that the connection reuse has changed drastically since then,
> and that patch doesn't seem to be enough to fix the issue (in fact, it actually
> breaks the test suite, since test 519 freezes for some reason). I haven't even
> tried to backport it to Debian oldstable (7.21.0).
> Is there someone that successfully backported it to something pre-7.30.0, or
> should I just give up?

I posted a patch set for 7.28.1 two days ago under the title "Regression on FTP
connections with --anyauth".

>>> Dan
List admin:
Received on 2014-03-30