Curl Preps For "Probably The Worst Curl Security Flaw In A Long Time"
-
Originally posted by quaz0r
If you so desperately need your compiler to help you count so that your program functions somewhat properly maybe, then you don't need Rust.
- Likes 1
-
Originally posted by rene
At least they handle it way more professionally than FSF's GNU Glibc, ... https://www.youtube.com/watch?v=QovmkJzr7vU
- Likes 1
-
Debian just backported fixes for both CVEs:
curl (8.3.0-3) unstable; urgency=high
* Add patches to fix CVE-2023-38545 and CVE-2023-38546
-- Samuel Henrique <[email protected]> Thu, 05 Oct 2023 22:26:40 +0100
-
Yeah, in the openSUSE Build Service the new version has already been published and is in the review process:
I haven't checked if any news has been officially published on what the vulnerabilities actually are, but the merge log gives some hints:
* Security fixes:
- SOCKS5 heap buffer overflow [bsc#1215888, CVE-2023-38545]
- cookie injection with none file [bsc#1215889, CVE-2023-38546]
/edit: The announcement in the curl GitHub repo was in fact updated with descriptions of the vulnerabilities:
Last edited by Arthus; 11 October 2023, 06:42 AM.
-
Originally posted by quaz0r
Or god forbid just learn to code. Or learn to care enough to take the time to not just shit out whatever inaccurate garbage falls out your backside and call it good until something goes wrong.
If you so desperately need your compiler to help you count so that your program functions somewhat properly maybe, then you don't need Rust. You need to select a different career/hobby.
Every experienced software engineer will tell you security is hard.
- Likes 1