1. Forum
  2. USENET
  3. comp.sys.tandem

  • ITUGLIB Update: Curl 7.88.0 Available

    From Randall@rsbecker@nexbridge.com to comp.sys.tandem on Thu Feb 16 05:21:42 2023
    From Newsgroup: comp.sys.tandem

    Hi Everyone,

    Curl 7.88.0 is now available on the ITUGLIB website in the usual spot. The Change log for this release is at https://curl.se/changes.html#7_88_0 and contains fixes for the following CVEs:

    * CVE-2023-23916: HTTP multi-header compression denial of service from 7.57.0 to 7.87.0
    * CVE-2023-23915: HSTS amnesia with --parallel from 7.77.0 to 7.87.0
    * CVE-2023-23914: HSTS ignored on multiple requests from 7.77.0 to 7.87.0

    Regards,
    Randall Becker
    On Behalf of the ITUGLIB Technical Committee
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Randall@rsbecker@nexbridge.com to comp.sys.tandem on Mon Feb 20 08:40:31 2023
    From Newsgroup: comp.sys.tandem

    On Thursday, February 16, 2023 at 8:21:45 a.m. UTC-5, Randall wrote:
    Hi Everyone,

    Curl 7.88.0 is now available on the ITUGLIB website in the usual spot. The Change log for this release is at https://curl.se/changes.html#7_88_0 and contains fixes for the following CVEs:

    * CVE-2023-23916: HTTP multi-header compression denial of service from 7.57.0 to 7.87.0
    * CVE-2023-23915: HSTS amnesia with --parallel from 7.77.0 to 7.87.0
    * CVE-2023-23914: HSTS ignored on multiple requests from 7.77.0 to 7.87.0

    Regards,
    Randall Becker
    On Behalf of the ITUGLIB Technical Committee

    If you haven't already downloaded this, don't bother. An emergency fix is coming imminently (7.88.1). I will post in a separate when it is available - probably later today.
    --- Synchronet 3.21d-Linux NewsLink 1.2