author | Daniel Stenberg <daniel@haxx.se> | 2010-02-09 09:35:48 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2010-02-09 09:35:48 +0000 |
commit | 06ae8ca5a6e452e5cb555c1a511a9df8dec6657c (patch) | |
tree | 4da3bde9c75aa774767e854132634386f6bac1d3 /CHANGES | |
parent | d33da42334169ad2a1c94571fc51e3735973097b (diff) | |
download | curl-06ae8ca5a6e452e5cb555c1a511a9df8dec6657c.tar.gz |
- When downloading compressed content over HTTP and the app has asked libcurl
to automatically uncompress it with the CURLOPT_ENCODING option, libcurl
could wrongly provide the callback with more data than the maximum
documented amount. An application could thus get tricked into badness if the
maximum limit was trusted to be enforced by libcurl itself (as it is
documented).
This is further detailed and explained in the libcurl security advisory
20100209 at
http://curl.haxx.se/docs/adv_20100209.html
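What the entry above means for application code, as an added example that is not from curl or from this commit: a write callback that checks every delivery against its own buffer instead of trusting the documented maximum. The `sink` struct, `bounded_write_cb`, the two demo helpers and the 16384-byte capacity (chosen to mirror the default `CURL_MAX_WRITE_SIZE`) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumption: sized like the default CURL_MAX_WRITE_SIZE in curl/curl.h. */
#define SINK_CAPACITY 16384

struct sink {                 /* hypothetical fixed-size application buffer */
    char   buf[SINK_CAPACITY];
    size_t used;
    int    rejected;          /* set when a delivery did not fit */
};

/* Same signature as a CURLOPT_WRITEFUNCTION callback. Returning a count
 * different from size*nmemb makes libcurl abort the transfer. */
size_t bounded_write_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    struct sink *s = userdata;

    /* Reject a size*nmemb product that would wrap around. */
    if (size != 0 && nmemb > SIZE_MAX / size) { s->rejected = 1; return 0; }
    size_t n = size * nmemb;

    /* Check against the space actually left, not the documented limit. */
    if (n > sizeof(s->buf) - s->used) { s->rejected = 1; return 0; }

    memcpy(s->buf + s->used, ptr, n);
    s->used += n;
    return n;
}

/* Constructed demo: deliver one chunk of chunk_len bytes to a fresh sink. */
size_t deliver_once(size_t chunk_len)
{
    static char chunk[4 * SINK_CAPACITY];   /* constructed sample data */
    struct sink s = { .used = 0, .rejected = 0 };
    if (chunk_len > sizeof(chunk)) chunk_len = sizeof(chunk);
    return bounded_write_cb(chunk, 1, chunk_len, &s);
}

/* Constructed demo: a wrapping size*nmemb must be flagged, not copied. */
int rejects_wrapping_product(void)
{
    static struct sink s;
    char c = 0;
    return bounded_write_cb(&c, SIZE_MAX, 2, &s) == 0 && s.rejected == 1;
}
```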
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -6,6 +6,19 @@ Changelog +Daniel Stenberg (9 Feb 2010) +- When downloading compressed content over HTTP and the app as asked libcurl + to automatically uncompress it with the CURLOPT_ENCODING option, libcurl + could wrongly provide the callback with more data than what the maximum + documented amount. An application could thus get tricked into badness if the + maximum limit was trusted to be enforced by libcurl itself (as it is + documented). + + This is further detailed and explained in the libcurl security advisory + 20100209 at + + http://curl.haxx.se/docs/adv_20100209.html + Daniel Fandrich (3 Feb 2010) - Changed the Watcom makefiles to make them easier to keep in sync with Makefile.inc since that can't be included directly. |
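Review bot: In the first added line of the entry, "the app as asked libcurl" should read "has asked", and "more data than what the maximum documented amount" is missing a verb. The entry also never names the limit or the callback it applies to, and "tricked into badness" does not tell a reader what the consequence is. Since CHANGES is where people look when deciding whether to upgrade, consider stating the documented maximum by name, which callback receives the oversized data, and which releases are affected, rather than leaving all of that to the advisory URL.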