From 06ae8ca5a6e452e5cb555c1a511a9df8dec6657c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 9 Feb 2010 09:35:48 +0000 Subject: - When downloading compressed content over HTTP and the app has asked libcurl to automatically uncompress it with the CURLOPT_ENCODING option, libcurl could wrongly provide the callback with more data than the maximum documented amount. An application could thus get tricked into badness if the maximum limit was trusted to be enforced by libcurl itself (as it is documented). This is further detailed and explained in the libcurl security advisory 20100209 at http://curl.haxx.se/docs/adv_20100209.html --- CHANGES | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index 34771d2ae..f78b2029d 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,19 @@ Changelog +Daniel Stenberg (9 Feb 2010) +- When downloading compressed content over HTTP and the app as asked libcurl + to automatically uncompress it with the CURLOPT_ENCODING option, libcurl + could wrongly provide the callback with more data than what the maximum + documented amount. An application could thus get tricked into badness if the + maximum limit was trusted to be enforced by libcurl itself (as it is + documented). + + This is further detailed and explained in the libcurl security advisory + 20100209 at + + http://curl.haxx.se/docs/adv_20100209.html + Daniel Fandrich (3 Feb 2010) - Changed the Watcom makefiles to make them easier to keep in sync with Makefile.inc since that can't be included directly. -- cgit v1.2.1
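
Review bot: The first added line of the CHANGES entry reads "the app as asked libcurl", which should be "has asked", and "more data than what the maximum documented amount" two lines further down does not parse; "more data than the maximum documented amount" would. The entry is also too vague for a security fix: it names neither the callback nor the documented limit, and "tricked into badness" does not tell an application author what can go wrong when a buffer is sized on that limit. CHANGES is often read without network access, so I would name the callback and the limit in the entry itself and say explicitly whether this release now enforces the limit, keeping the advisory URL as the pointer to the full details.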