Curl 8.4.0 will be released on October 11 – a fix for a severity HIGH CVE (twitter.com) 27 points by taubek 2y ago ↗ HN
[–] autoexec 2y ago ↗ Here's a link to something other than twitter for those who don't have an account, don't want to login, or don't want to enable javascripthttps://github.com/curl/curl/discussions/12026The CVEs:CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool)CVE-2023-38546: severity LOW (affects libcurl only, not the tool)I really wish people would just stop posting submissions to twitter at this point. [–] smilingemoji 2y ago ↗ > I really wish people would just stop posting submissions to twitter at this point.I fully agree. You can also replace twitter.com with nitter.nethttps://nitter.net/bagder/status/1709103920914526525?s=46 [–] pornel 2y ago ↗ Daniel is also on Mastodon: https://mastodon.social/@bagder/111167662713737288 [–] autoexec 2y ago ↗ Mastodon may not require a login, but for some reason it does insist on javascript
[–] smilingemoji 2y ago ↗ > I really wish people would just stop posting submissions to twitter at this point.I fully agree. You can also replace twitter.com with nitter.nethttps://nitter.net/bagder/status/1709103920914526525?s=46 [–] pornel 2y ago ↗ Daniel is also on Mastodon: https://mastodon.social/@bagder/111167662713737288 [–] autoexec 2y ago ↗ Mastodon may not require a login, but for some reason it does insist on javascript
[–] pornel 2y ago ↗ Daniel is also on Mastodon: https://mastodon.social/@bagder/111167662713737288 [–] autoexec 2y ago ↗ Mastodon may not require a login, but for some reason it does insist on javascript
[–] autoexec 2y ago ↗ Mastodon may not require a login, but for some reason it does insist on javascript
[–] jpizzle71 2y ago ↗ Probably stupid question, but what versions of curl does this affect? [–] gray_-_wolf 2y ago ↗ We will know Oct 11 :) [–] jpizzle71 2y ago ↗ Oof, that's a daunting thought.We just did a quick snapshot of a small chunk of a customer's environment and they're running 10 different versions of curl in like 15 different images :(
[–] gray_-_wolf 2y ago ↗ We will know Oct 11 :) [–] jpizzle71 2y ago ↗ Oof, that's a daunting thought.We just did a quick snapshot of a small chunk of a customer's environment and they're running 10 different versions of curl in like 15 different images :(
[–] jpizzle71 2y ago ↗ Oof, that's a daunting thought.We just did a quick snapshot of a small chunk of a customer's environment and they're running 10 different versions of curl in like 15 different images :(
7 comments
[ 5.2 ms ] story [ 74.3 ms ] threadhttps://github.com/curl/curl/discussions/12026
The CVEs:
CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool)
CVE-2023-38546: severity LOW (affects libcurl only, not the tool)
I really wish people would just stop posting submissions to twitter at this point.
I fully agree. You can also replace twitter.com with nitter.net
https://nitter.net/bagder/status/1709103920914526525?s=46
We just did a quick snapshot of a small chunk of a customer's environment and they're running 10 different versions of curl in like 15 different images :(