Fri Feb 8 03:57:05 UTC 2013
Fixed a few places where lib64 was hardcoded regardless of $ARCH.
Thanks to Heinz Wiesinger.
Upgraded to SDL-1.2.15, SDL_image-1.2.12, SDL_mixer-1.2.12,
SDL_net-1.2.8, and SDL_ttf-2.0.11.
Patched resizing and mouse clicking bugs.
When negotiating SASL DIGEST-MD5 authentication, the function
Curl_sasl_create_digest_md5_message() uses data provided by the
server without proper length checks, and that data is then appended
to a local fixed-size buffer on the stack. This vulnerability can be
exploited by someone who controls a server that a libcurl-based
program is accessing with POP3, SMTP or IMAP. For applications that
accept user-provided URLs, it is also conceivable that a malicious
user would feed the application a URL to a server hosting code
targeting this flaw.
Affected versions: curl 7.26.0 up to and including 7.28.1
For more information, see:
(* Security fix *)
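
The length check whose absence the curl entry above describes, as an added example (not curl's code and not part of the original changelog): a bounded append that rejects server-supplied fields too large for a fixed-size stack buffer. The names build_digest_response, append_checked and RESP_MAX, and all sample values, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define RESP_MAX 64 /* constructed size standing in for the fixed stack buffer */

/* The unsafe pattern is strcat(response, server_value) with no length test.
 * Here src is appended only if it fits in the remaining space, NUL included.
 * Invariant: *used < cap. Returns 0 on success, -1 if src does not fit. */
static int append_checked(char *dst, size_t cap, size_t *used, const char *src)
{
    size_t n = strlen(src);
    if (n >= cap - *used)
        return -1;
    memcpy(dst + *used, src, n + 1);
    *used += n;
    return 0;
}

/* Hypothetical helper: realm and nonce are treated as untrusted server data.
 * Returns the message length, or -1 (with out emptied) if a field is too long. */
int build_digest_response(char *out, size_t cap, const char *user,
                          const char *realm, const char *nonce)
{
    size_t used = 0;
    if (cap == 0)
        return -1;
    out[0] = '\0';
    if (append_checked(out, cap, &used, "username=\"") ||
        append_checked(out, cap, &used, user) ||
        append_checked(out, cap, &used, "\",realm=\"") ||
        append_checked(out, cap, &used, realm) ||
        append_checked(out, cap, &used, "\",nonce=\"") ||
        append_checked(out, cap, &used, nonce) ||
        append_checked(out, cap, &used, "\"")) {
        out[0] = '\0'; /* never hand back a truncated message */
        return -1;
    }
    return (int)used;
}

int main(void)
{
    char response[RESP_MAX], long_realm[200]; /* constructed oversized value */
    memset(long_realm, 'A', sizeof long_realm - 1);
    long_realm[sizeof long_realm - 1] = '\0';
    printf("%d\n", build_digest_response(response, sizeof response, "alice", "example", "abc123"));
    printf("%d\n", build_digest_response(response, sizeof response, "alice", long_realm, "abc123"));
    return 0;
}
```

An oversized field makes the whole build fail rather than silently truncating, so the caller can abort the authentication attempt.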