Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

"From there to here, from here to there, funny things are everywhere." -- Dr. Seuss

computers / comp.sys.tandem / ITUGLIB Update: Curl 8.4.0 (Important)

SubjectAuthor
o ITUGLIB Update: Curl 8.4.0 (Important)Randall

1
ITUGLIB Update: Curl 8.4.0 (Important)

<21aa5ae7-69cc-4863-815f-e6f04bbb028bn@googlegroups.com>

  copy mid

https://www.rocksolidbbs.com/computers/article-flat.php?id=746&group=comp.sys.tandem#746

  copy link   Newsgroups: comp.sys.tandem
X-Received: by 2002:a05:620a:409:b0:774:22d7:768c with SMTP id 9-20020a05620a040900b0077422d7768cmr353789qkp.5.1697056739946;
Wed, 11 Oct 2023 13:38:59 -0700 (PDT)
X-Received: by 2002:a05:6870:8093:b0:1e9:7e8c:570a with SMTP id
q19-20020a056870809300b001e97e8c570amr2000745oab.7.1697056739769; Wed, 11 Oct
2023 13:38:59 -0700 (PDT)
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.sys.tandem
Date: Wed, 11 Oct 2023 13:38:59 -0700 (PDT)
Injection-Info: google-groups.googlegroups.com; posting-host=2607:fea8:3fa9:4200:ad2d:24a1:4eaf:e903;
posting-account=6VebZwoAAAAgrpUtsowyjrKRLNlqxnXo
NNTP-Posting-Host: 2607:fea8:3fa9:4200:ad2d:24a1:4eaf:e903
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <21aa5ae7-69cc-4863-815f-e6f04bbb028bn@googlegroups.com>
Subject: ITUGLIB Update: Curl 8.4.0 (Important)
From: rsbecker@nexbridge.com (Randall)
Injection-Date: Wed, 11 Oct 2023 20:38:59 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 2034
 by: Randall - Wed, 11 Oct 2023 20:38 UTC

Hi Everyone,

Somewhat quick turnaround on this release. I was notified at 2am today about it, and curl 8.4.0 is now on the ITUGLIB website. My sense is that this release resulted from the CVE discussed below.

There are a lot of fixes in this release, so please upgrade if you can.

Most importantly, CVE-2023-38545, described here https://curl.se/docs/CVE-2023-38545.html, reported on 30 Sept 2023 is fixed in this release. This is a High Severity vulnerability relating to SOCKS5 that you should review for your environment overall.

The usual builds for TNS/E, TNS/X+V are there for OpenSSL 3.0, 1.1.1, and 1..0.2, are present. Note that you can use the OpenSSL 3.0 build with OpenSSL 3.1 because those two are have binary compatible DLLs. No build is done for OpenSSL 3.2 until that moves into a more stable state (currently at alpha2).

Regards,
Randall Becker
On Behalf of the ITUGLIB Technical Committee

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor