1. Forum
  2. USENET
  3. comp.sys.tandem

  • ITUGLIB Update: Curl 8.5.0 Available

    From Randall@rsbecker@nexbridge.com to comp.sys.tandem on Wed Dec 6 14:58:19 2023
    From Newsgroup: comp.sys.tandem

    Hi Everyone,
    Curl 8.5.0 is now available on the ITUGLIB website. This release fixes a bunch of issues, including two CVEs:
    https://curl.se/docs/CVE-2023-46218.html - cookie mixed case PSL bypass https://curl.se/docs/CVE-2023-46219.html - HSTS long file name clears contents Release notes are at: https://curl.se/changes.html
    The builds for Curl are for J-series and L-series, for OpenSSL 3.0/1, 1.1.1, and 1.0.2. Note that 1.1.1 and 1.0.2 are not supported unless you have an extended support contract with OpenSSL. There is no build yet for OpenSSL 3.2 as this release does not work yet on NonStop. Once it does, we will start building Curl for that release series. Note that OpenSSL 3.0 and 3.1 DLLs are binary compatible, so you can use either with the Curl OpenSSL 3.0 builds.
    Regards,
    Randall Becker
    On Behalf of the ITUGLIB Technical Committee
    --- Synchronet 3.21d-Linux NewsLink 1.2