Fixed in 7.65.0 - May 22 2019

•CVE-2019-5435: Integer overflows in curl_url_set

•CVE-2019-5436: tftp: use the current blksize for recvfrom()

Fixed in 7.64.0 - February 6 2019

•CVE-2018-16890: NTLM type-2 out-of-bounds buffer read

•CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow

•CVE-2019-3823: SMTP end-of-response out-of-bounds read