curl 7.19

curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)

curl: HTTP authentication leak in redirects

curl: FTP path trickery leads to NIL byte out of bounds write

curl: heap buffer overflow in function tftp_receive_packet()

curl: POST following PUT confusion

curl: TELNET option IAC injection

curl: SFTP path ~ resolving discrepancy

curl: TFTP receive heap buffer overflow in tftp_receive_packet() function

curl: TLS and SSH connection too eager reuse

gzip integer overflow

curl: NTLM credentials not-checked for proxy connection re-use

curl: local file access via unsafe redirects

curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs

wrong proxy connection reuse with credentials

bad reuse of HTTP Negotiate connection

curl: auth/cookie leak on redirect

curl: wrong re-use of connections in libcurl

broken TLS options for threaded LDAPS

curl: printf floating point buffer overflow

curl: FTP-KRB bad message verification

curl: Use-after-free triggered by an HTTP proxy deny response

curl: siglongjmp race condition may lead to crash

curl: IDN wildcard match may lead to Improper Cerificate Validation

curl: IP address wildcard certificate validation issue in libcurl

curl: credential leak on redirect

curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies

curl: IDNA 2003 makes curl use wrong host

curl: Invalid URL parsing with '#'

curl: curl_getdate out-of-bounds read

curl: Double-free in krb5 code

curl: Double-free in curl_maprintf

curl: Cookie injection for other servers

curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure

curl: more POST-after-PUT confusion

curl: Cookie domain suffix match vulnerability

curl: incorrect handling of IP addresses in cookie domain

curl: re-using authenticated connection when unauthenticated

curl: Negotiate not treated as connection-oriented

curl: sensitive HTTP server headers also sent to proxies

curl: Heap-based buffer over-read in the curl tool warning formatting

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

curl: TLS/SSL certificate name check disabled with peer verification

curl: re-use of wrong HTTP NTLM connection in libcurl

curl: Case insensitive password comparison

curl: FTP PASV command response can cause curl to connect to arbitrary host

curl: Bad connection reuse due to flawed path name checks

curl: Incorrect handling of control code characters in cookies

curl: Use-after-free via shared cookies

curl: Out-of-bounds write via unchecked multiplication

curl: TELNET stack contents disclosure

curl: --write-out out of bounds read