diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2010-02-09 10:06:48 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2010-02-09 10:06:48 +0000 |
| commit | f2f07dad3451d1f63b56d3de0b43160c39d275d7 (patch) | |
| tree | 13b975f3b5b67ca50f11da1863bda3e85b82d480 | |
| parent | 06ae8ca5a6e452e5cb555c1a511a9df8dec6657c (diff) | |
| download | gnurl-curl-7_20_0.tar.gz gnurl-curl-7_20_0.tar.bz2 gnurl-curl-7_20_0.zip | |
spell and 7.20.0curl-7_20_0
| -rw-r--r-- | CHANGES | 13 |
1 files changed, 7 insertions, 6 deletions
@@ -6,13 +6,14 @@ Changelog +Version 7.20.0 (9 February 2010) + Daniel Stenberg (9 Feb 2010) -- When downloading compressed content over HTTP and the app as asked libcurl - to automatically uncompress it with the CURLOPT_ENCODING option, libcurl - could wrongly provide the callback with more data than what the maximum - documented amount. An application could thus get tricked into badness if the - maximum limit was trusted to be enforced by libcurl itself (as it is - documented). +- When downloading compressed content over HTTP and the app asked libcurl to + automatically uncompress it with the CURLOPT_ENCODING option, libcurl could + wrongly provide the callback with more data than the maximum documented + amount. An application could thus get tricked into badness if the maximum + limit was trusted to be enforced by libcurl itself (as it is documented). This is further detailed and explained in the libcurl security advisory 20100209 at |