daniel:// stenberg://

1 year ago • •

daniel:// stenberg://
1 year ago • •

Again NVD lists the wrong info for a #curl advisory in https://nvd.nist.gov/vuln/detail/CVE-2023-27538 which now has the ripple effect that #Debian also lists the wrong versions as affected, in https://security-tracker.debian.org/tracker/CVE-2023-27538

I wish more orgs just read our canonical sources instead.

CVE-2023-27538

^{security-tracker.debian.org}

This entry was edited (1 year ago)

in reply to daniel:// stenberg://

daniel:// stenberg://

in reply to daniel:// stenberg:// • 1 year ago • •

I've complained at NVD, I've submitted an update request of the CVE metadata to MITRE. What a broken system this is.

in reply to daniel:// stenberg://

daniel:// stenberg://

in reply to daniel:// stenberg:// • 1 year ago • •

someone, somewhere, obviously just manually edited the description that we provided for this flaw, and that manual edit was incorrect and inserted this error into the text.

Unknown parent

daniel:// stenberg://

Unknown parent • 1 year ago • •

@beekir yet we somehow fool ourselves into believing we have systems nowadays to better handle these things...

⇧

daniel:// stenberg://

daniel:// stenberg:// 1 year ago • •

CVE-2023-27538

daniel:// stenberg://

daniel:// stenberg://

daniel:// stenberg://

daniel:// stenberg://
1 year ago • •