Mailing List gnuports@2rosenthals.com Archived Message #45 previous message next message back to list

From: "Lewis G Rosenthal" <gnuports@2rosenthals.com> Full Headers
Undecoded message
Subject: cURL vulnerabilities
Date: Fri, 3 Jan 2025 12:54:29 -0500
To: GNU Ports for eCS Mailing List <gnuports@2rosenthals.com>

Hi, all...

Can it really be that nobody has built a newer cURL than 7.75.0 (Feb 2021)?

I have just become aware that there was a particularly nasty CVE:

https://curl.se/docs/CVE-2024-7264.html

which impacts all versions from 7.32.0 through 8.9.0.

Trying to build 8.11.1 (latest), I didn't get very far (nothing useful). Before I dive into it, I was just wondering if anyone else had had any greater success. 7.75.0 seems quite outdated for something with security implications.

TIA

--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
visit my IT blog                www.2rosenthals.net/wordpress
-------------------------------------------------------------
Subscribe: Feed, Digest, Index.
Unsubscribe
Mail to ListMaster