From: "Lewis G Rosenthal" Received: from [192.168.100.201] (account lgrosenthal@2rosenthals.com HELO [192.168.100.22]) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPSA id 11700410 for gnuports@2rosenthals.com; Fri, 03 Jan 2025 12:54:30 -0500 To: GNU Ports for eCS Mailing List Subject: cURL vulnerabilities Organization: Rosenthal & Rosenthal, LLC Message-ID: <67782455.2030504@2rosenthals.com> Date: Fri, 3 Jan 2025 12:54:29 -0500 User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:38.0) Gecko/20100101 Firefox/38.0 SeaMonkey/2.35 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi, all... Can it really be that nobody has built a newer cURL than 7.75.0 (Feb 2021)? I have just become aware that there was a particularly nasty CVE: https://curl.se/docs/CVE-2024-7264.html which impacts all versions from 7.32.0 through 8.9.0. Trying to build 8.11.1 (latest), I didn't get very far (nothing useful). Before I dive into it, I was just wondering if anyone else had had any greater success. 7.75.0 seems quite outdated for something with security implications. TIA -- Lewis ------------------------------------------------------------- Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA Rosenthal & Rosenthal, LLC www.2rosenthals.com visit my IT blog www.2rosenthals.net/wordpress -------------------------------------------------------------