libcurl: SMTP end-of-response out-of-bounds read - CVE-2019-3823

``` libcurl contains a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. ``` The issue was reported to the project on 18 January 2019. A patch was sent to me on 19 January 2019. curl 7.64.0 was released on 6 January 2019. https://curl.haxx.se/docs/CVE-2019-3823.html ## Impact If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer.