This is the mail archive of the
cygwin-talk
mailing list for the cygwin project.
RE: SECURITY: curl (CVE-2006-1061)
- From: "Dave Korn" <dave dot korn at artimi dot com>
- To: "'hax0red!'" <cygwin-talk at cygwin dot com>
- Date: Fri, 24 Mar 2006 11:50:55 -0000
- Subject: RE: SECURITY: curl (CVE-2006-1061)
- Reply-to: The Cygwin-Talk Malingering List <cygwin-talk at cygwin dot com>
On 24 March 2006 02:26, Yaakov S (Cygwin Ports) wrote:
> libcurl is affected by a buffer overflow in the handling of URLs for
> the TFTP protocol, which could be exploited to compromise a user's
> system.
>
> Solution: upgrade to 7.15.3.
>
> More information:
> http://security.gentoo.org/glsa/glsa-200603-19.xml
> http://curl.haxx.se/docs/adv_20060320.html
>
>
> Yaakov
New packages prepared - please upload from
tftp://www.evil.com/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAÂâÃÃÂÃÅÃÃÃÚÝÃÃÃ;|ÇAAA$%^()%$^&$"<V<YfassfaÂ$<Â7dfplphH$%^>h,.pf,hef%<ÇÂÂÂ$%>"Y52y54y2y92hj4522546844252e/bin/sh
;) muahahahahaaaaaa!
cheers,
DaveK
--
Can't think of a witty .sigline today....