关键信息 CVE Request: CVE Request for a security issue in cURL / mingw32-CURL. Security Issue: cURL v7.21.2 addressed a specific security flaw for operating systems that use backslashes to separate directories and filenames. This could allow remote servers to create or overwrite files via a Content-Disposition header. Affected Systems: Microsoft Windows, Novell Netware, MSDOS, OS/2, and Symbian. Patch: An upstream patch is available at (http://curl.haxx.se/curl-content-disposition.patch). Credit: Dan Fandrich is acknowledged as the original reporter. Red Hat Bugzilla: The issue is tracked in Red Hat's Bugzilla at (https://bugzilla.redhat.com/show_bug.cgi?id=642642). Date: Wed, 13 Oct 2010 15:47:41 +0200. Sender: Jan Lieskovsky (Red Hat Security Response Team).