Curl 7.84

For discussions about security.

Curl 7.84

Post by 8Geee »

An important revision to cURL is posted here because the first bug was INTRODUCED in version 7.69. The other two are relatively minor.

Rename of cookie file leads to privilege escalation.
This bug was introduced in curl 7.69.0. Versions before 7.69.0
DO NOT have this bug.

Improper (or delta) ftp pointer reference causes loss of file
information properties, especially filesize of download.

Do not use " as first pswd character UNLESS the last character
is also ". Else the pswd will be terminated at a 'space' if
such exists.

Regards
8Geee

Money talks... no, it shouts, so that it doesn't have to hear common sense.


Re: Curl 7.84

Post by bigpup »

I just checked my install of Fossapup64 9.5

It is using curl v7.68.0

You say Versions before 7.69.0
DO NOT have this bug.

So, I guess I am OK.

Forum Global Moderator
The things you do not tell us, are usually the clue to fixing the problem.
When I was a kid, I wanted to be older.
This is not what I expected :o


Re: Curl 7.84

Post by 8Geee »

Unless some of the other security stuff 7.69 to 7.83 bothers you, you're good.

Money talks... no, it shouts, so that it doesn't have to hear common sense.


Re: Curl 7.84

Post by wiak »

This is where distros based on Arch Linux are good, since Arch is a rolling release. Arch Linux core release at: curl 7.84.0-1
For this case, Fossa is okay(ish) since its curl is 'old' at 7.68

https://www.tinylinux.info/
DOWNLOAD wd_multi for hundreds of 'distros' at your fingertips: viewtopic.php?p=99154#p99154
Is it worth translating?


Re: Curl 7.84

Post by ozsouth »

As I like ScPup64-20.06, I've kept updating openssl, wget & curl (can't get busybox to compile without errors). I did curl 7.83.1 last month, so thanks @8Geee for posting this. I've compiled 7.84 & added it to my ydrv. I needed a script in /etc/init.d to autoremove the older libcurl.so.4.7.0 file.
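
An added example, not part of any post in this thread: a shell check that reads the first line of `curl --version` and classifies the libcurl actually loaded (cookie handling is library code) against the range the thread gives for the cookie-file bug, flagging the tool/library mismatch that a leftover older libcurl produces. It assumes 7.84.0 is the first fixed release; the function names and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Range assumption: cookie-file bug present
# from 7.69.0 (stated in the thread) until the 7.84.0 release the thread announces.

# ver_to_int X.Y.Z -> one comparable integer, e.g. 7.68.0 -> 7068000
ver_to_int() {
    v=${1%%[!0-9.]*}              # drop suffixes such as "-DEV" or "-1"
    old_ifs=$IFS; IFS=.
    set -- $v                     # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# cookie_bug_status VERSION -> "affected", "not-affected" or "unknown"
cookie_bug_status() {
    [ -n "$1" ] || { echo unknown; return 0; }   # unparseable banner
    n=$(ver_to_int "$1")
    if [ "$n" -ge "$(ver_to_int 7.69.0)" ] && [ "$n" -lt "$(ver_to_int 7.84.0)" ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Both read `curl --version` output on stdin. Its first line names the curl
# tool first and the libcurl loaded at run time second.
tool_version() { sed -n '1s/^curl \([0-9][0-9.]*\).*/\1/p'; }
lib_version()  { sed -n '1s/.* libcurl\/\([0-9][0-9.]*\).*/\1/p'; }

# check_banner BANNER -> status of the loaded libcurl, plus a mismatch note
check_banner() {
    t=$(printf '%s\n' "$1" | tool_version)
    l=$(printf '%s\n' "$1" | lib_version)
    status=$(cookie_bug_status "$l")
    [ "$t" = "$l" ] || status="$status (tool $t, libcurl $l: stale library?)"
    echo "$status"
}

# Constructed sample banners (not captured from a real system)
OLD_BANNER='curl 7.68.0 (x86_64-pc-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11'
MIXED_BANNER='curl 7.84.0 (x86_64-pc-linux-gnu) libcurl/7.83.1 OpenSSL/1.1.1p zlib/1.2.11'

# On a real system, check the installed curl if there is one
if command -v curl >/dev/null 2>&1; then
    check_banner "$(curl --version)"
fi
```

A result of "affected" together with a mismatch note means the new curl binary is still loading an older libcurl, so the upgrade has not taken effect for the library code.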


Re: Curl 7.84

Post by dimkr »

wiak wrote: Sun Jul 03, 2022 5:50 am

This is where distros based on Arch Linux are good, since Arch is a rolling release. Arch Linux core release at: curl 7.84.0-1
For this case, Fossa is okay(ish) since its curl is 'old' at 7.68

It's a double-edged sword. They're the first to update to the new minor release that mitigates a vulnerability, but also the first to adopt a new major release that comes with new features and therefore introduces new vulnerabilities. (And, in some ways, newly-introduced vulnerabilities are more dangerous.)

IMHO, building a Puppy from a rolling release distro (and it doesn't matter if it's Void, Debian Sid or Slackware "current") is not a substitute for proper security and stability updates.
