#8272 closed enhancement (fixed)
curl-7.50.2
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 8.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New minor version
Security Release!
Fixed in 7.50.2 - September 7 2016 Bugfixes: mbedtls: Added support for NTLM SSH: fixed SFTP/SCP transfer problems multi: make Curl_expire() work with 0 ms timeouts mk-ca-bundle.pl: -m keeps ca cert meta data in output TFTP: Fix upload problem with piped input CURLOPT_TCP_NODELAY: now enabled by default mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined http2: always wait for readable socket cmake: Enable win32 large file support by default cmake: Enable win32 threaded resolver by default winbuild: Avoid setting redundant CFLAGS to compile commands curl.h: make CURL_NO_OLDIES define CURL_STRICTER docs: make more markdown files use .md extension docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown winbuild: Allow changing C compiler via environment variable CC rtsp: accept any RTSP session id HTTP: retry failed HEAD requests on reused connections too configure: add zlib search with pkg-config openssl: accept subjectAltName iPAddress if no dNSName match MANUAL: Remove invalid link to LDAP documentation socks: improved connection procedure proxy: reject attempts to use unsupported proxy schemes proxy: bring back use of "Proxy-Connection:" curl: allow "pkcs11:" prefix for client certificates spnego_sspi: fix memory leak in case *outlen is zero SOCKS: improve verbose output of SOCKS5 connection sequence SOCKS: display the hostname returned by the SOCKS5 proxy server http/sasl: Query authentication mechanism supported by SSPI before using sasl: Don't use GSSAPI authentication when domain name not specified win: Basic support for Universal Windows Platform apps nss: fix incorrect use of a previously loaded certificate from file nss: work around race condition in PK11_FindSlotByName() ftp: fix wrong poll on the secondary socket openssl: build warning-free with 1.1.0 (again) HTTP: stop parsing headers when switching to unknown protocols test219: Add http as a required feature TLS: random file/egd doesn't have to match for conn reuse schannel: Disable ALPN for Wine since it is causing problems http2: make sure stream errors don't needlessly close the connection http2: return CURLE_HTTP2_STREAM for unexpected stream close darwinssl: --cainfo is intended for backward compatibility only speed caps: not based on average speeds anymore configure: make the cpp -P detection not clobber CPPFLAGS http2: use named define instead of magic constant in read callback http2: skip the content-length parsing, detect unknown size http2: return EOF when done uploading without known size darwinssl: test for errSecSuccess in PKCS12 import rather than noErr openssl: fix CURLINFO_SSL_VERIFYRESULT
https://curl.haxx.se/docs/adv_20160907.html
CVE-2016-7141
Change History (3)
comment:1 by , 8 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 8 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at r17744