1. Forum
  2. Usenet
  3. COMP.SYS.TANDEM

  • ITUGLIB Update: Curl 7.88.0 Available

    From Randall@21:1/5 to All on Thu Feb 16 05:21:42 2023
    Hi Everyone,

    Curl 7.88.0 is now available on the ITUGLIB website in the usual spot. The Change log for this release is at https://curl.se/changes.html#7_88_0 and contains fixes for the following CVEs:

    * CVE-2023-23916: HTTP multi-header compression denial of service from 7.57.0 to 7.87.0
    * CVE-2023-23915: HSTS amnesia with --parallel from 7.77.0 to 7.87.0
    * CVE-2023-23914: HSTS ignored on multiple requests from 7.77.0 to 7.87.0

    Regards,
    Randall Becker
    On Behalf of the ITUGLIB Technical Committee

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Randall@21:1/5 to Randall on Mon Feb 20 08:40:31 2023
    On Thursday, February 16, 2023 at 8:21:45 a.m. UTC-5, Randall wrote:
    Hi Everyone,

    Curl 7.88.0 is now available on the ITUGLIB website in the usual spot. The Change log for this release is at https://curl.se/changes.html#7_88_0 and contains fixes for the following CVEs:

    * CVE-2023-23916: HTTP multi-header compression denial of service from 7.57.0 to 7.87.0
    * CVE-2023-23915: HSTS amnesia with --parallel from 7.77.0 to 7.87.0
    * CVE-2023-23914: HSTS ignored on multiple requests from 7.77.0 to 7.87.0

    Regards,
    Randall Becker
    On Behalf of the ITUGLIB Technical Committee

    If you haven't already downloaded this, don't bother. An emergency fix is coming imminently (7.88.1). I will post in a separate when it is available - probably later today.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)