daniel:// stenberg://

2 years ago

daniel:// stenberg://
2 years ago

Again NVD lists the wrong info for a #curl advisory in nvd.nist.gov/vuln/detail/CVE-2… which now has the ripple effect that #Debian also lists the wrong versions as affected, in security-tracker.debian.org/tr…

I wish more orgs just read our canonical sources instead.

CVE-2023-27538

^{security-tracker.debian.org}

This entry was edited (2 years ago)

in reply to daniel:// stenberg://

daniel:// stenberg://

in reply to daniel:// stenberg:// 2 years ago

I've complained at NVD, I've submitted an update request of the CVE metadata to MITRE. What a broken system this is.

in reply to daniel:// stenberg://

daniel:// stenberg://

in reply to daniel:// stenberg:// 2 years ago

someone, somewhere, obviously just manually edited the description that we provided for this flaw, and that manual edit was incorrect and inserted this error into the text.

Unknown parent

daniel:// stenberg://

Unknown parent 2 years ago

@beekir yet we somehow fool ourselves into believing we have systems nowadays to better handle these things...

⇧

daniel:// stenberg://

daniel:// stenberg:// 2 years ago • •

CVE-2023-27538

daniel:// stenberg://

daniel:// stenberg://

daniel:// stenberg://

daniel:// stenberg://
2 years ago