February 08, 2013
Hello everyone,

Please be advised that the curl library, versions 7.26.0 up to and including 7.28.1, is vulnerable to a buffer overflow vulnerability. Although the vulnerability is in email-related code (and thus affects the POP3, SMTP and IMAP protocols), a malicious/compromised HTTP server can still redirect a library request to a malicious mail server by using an HTTP redirect to a pop3:// URL.

More information can be found here:

* http://curl.haxx.se/docs/adv_20130206.html
* http://blog.volema.com/curl-rce.html

I am posting this to digitalmars.D.announce, as D's standard library includes bindings and wrappers for the curl library (etc.c.curl and std.net.curl), so D users may be indirectly affected.

Windows users who downloaded a precompiled curl library file from http://dlang.org/download.html shouldn't be affected, as the version of the library linked there (7.24.0) is not vulnerable.
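
One way to check a libcurl version against the affected range stated above (an added example, not code from the post or from the curl or D projects). The 0xXXYYZZ packing is the layout libcurl uses for the `version_num` value reported by `curl_version_info()`; the function names and the sample version strings are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Affected range from the post, packed as 0xXXYYZZ (major, minor, patch). */
#define CURL_FIRST_AFFECTED 0x071a00u /* 7.26.0 */
#define CURL_LAST_AFFECTED  0x071c01u /* 7.28.1 */

/* Hypothetical helper: parse "major.minor.patch" into 0xXXYYZZ.
 * A trailing suffix such as "-DEV" is ignored. Returns 0 when the string
 * is malformed or a component does not fit in one byte. */
unsigned int curl_pack_version(const char *s)
{
    unsigned int packed = 0;
    for (int i = 0; i < 3; i++) {
        char *end;
        if (!isdigit((unsigned char)*s))
            return 0;
        unsigned long part = strtoul(s, &end, 10);
        if (part > 255)
            return 0;
        packed = (packed << 8) | (unsigned int)part;
        if (i < 2 && *end++ != '.')   /* first two parts must be followed by '.' */
            return 0;
        s = end;
    }
    return packed;
}

/* Hypothetical helper: 1 = inside the affected range, 0 = outside it,
 * -1 = the version string could not be parsed (treat as "unknown"). */
int curl_version_affected(const char *version)
{
    unsigned int v = curl_pack_version(version);
    if (v == 0)
        return -1;
    return v >= CURL_FIRST_AFFECTED && v <= CURL_LAST_AFFECTED;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real system. */
    const char *samples[] = { "7.24.0", "7.26.0", "7.28.1-DEV", "7.29.0", "unknown" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s affected=%d\n", samples[i], curl_version_affected(samples[i]));
    return 0;
}
```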