curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Warning: using file:// on Windows with curl

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 17 Mar 2020 09:08:39 +0100 (CET)

On Mon, 16 Mar 2020, Daniel Stenberg via curl-users wrote:

> When first realizing this, the curl team tried to filter out such attempts
> in order to protect applications for inadvertent probes of for example
> internal networks etc. This resulted in CVE-2019-15601 and the associated
> security fix.

Due to this, I'm going to backpedal further on CVE-2019-15601 and no longer
list it on the site as a security problem on the security page [1] and the
page listing previous vulnerabilities [2]. (I'll commit that change in a
minute so the change will take affect within the hour.)

The page describing CVE-2019-15601 [3] will remain on the site for reference
and historical reasons.

I need to come up with a place to link to it so that it can be found. Perhaps
a new section for "redacted security problems" - which ideally should never
get another entry added to it.

[1] = https://curl.haxx.se/docs/security.html
[2] = https://curl.haxx.se/docs/vulnerabilities.html
[3] = https://curl.haxx.se/docs/CVE-2019-15601.html

-- 
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2020-03-17