Skip to main content

mastodon - Link to source
I have no less than 72 old (2017 and earlier) #curl security advisories that I want to assign a severity: Low/Medium/High/Critical. It's a very manual labor but here is my initial take that could use more eyes: github.com/curl/curl-www/pull/…

docs: add Severity to sec advisories missing them by bagder · Pull Request #256 · curl/curl-www

This is a manual work and I am using my own "best effort" by manually reading the descriptions, checking the conditions for them to trigger and comparing with how other projects grade similar probl...
GitHub
#curl
in reply to Jimmy Sjölund

daniel:// stenberg://
mastodon - Link to source
daniel:// stenberg://
@jimmysjolund the severity is usually set at the time for the conditions when reported and using that version. So no, I think many of them are worse than Medium...
@Jimmy Sjölund
in reply to MaMü

daniel:// stenberg://
mastodon - Link to source
daniel:// stenberg://
@mamue @jimmysjolund by knowing the history we can learn more from it. Having more a detailed view of the past allows me to draw better graphs of development and changes over time. Also: more data draws a more complete picture and help educating users.
@Jimmy Sjölund @MaMü