Post ApcXAZscAMDG7uRkSu by jeroen@secluded.ch
(DIR) Post #ApcWynG4bFd88ynf2e by bagder@mastodon.social
2024-12-31T11:50:21Z
0 likes, 1 repeats
the 500th hackerone report to #curl, received 20 hours ago, is a confirmed security issue. Severity LOW. To be announced with the next curl release on February 5, 2025. This one hurts my ego. Again.
(DIR) Post #ApcWytORn1tTAglQvY by bagder@mastodon.social
2024-12-31T12:15:53Z
0 likes, 0 repeats
what are the chances we can reserve -2025-0001 ? 😁
(DIR) Post #ApcWyxrJBfMB1MIXT6 by bagder@mastodon.social
2024-12-31T23:33:31Z
0 likes, 0 repeats
CVE-2025-0167 registered just a few minutes into the new year... (in my time zone)
(DIR) Post #ApcXAZscAMDG7uRkSu by jeroen@secluded.ch
2024-12-31T11:55:13Z
1 likes, 0 repeats
@bagder if it hurt your ego, it is a bug you will not make again and lesson learnt ;) I tend to read CVEs and more the fixes to learn what classes of bugs are being fixed so to avoid them myself; also do check if similar mistakes have not been made elsewhere if applicable
(DIR) Post #ApcXKZTYWWYrljUUU4 by lanodan@queer.hacktivis.me
2024-12-31T23:52:18.617369Z
0 likes, 0 repeats
@dalias @jeroen @bagder Luckily most CVEs I've seen have the commit URL, while for named-vuln-website it's much more horrible to have actual information.
(DIR) Post #ApckIz49huV9xdBR8i by lanodan@queer.hacktivis.me
2025-01-01T02:17:41.259411Z
0 likes, 0 repeats
@dalias @bagder @jeroen Right, I almost exclusively stick to floss so I rarely see the proprietary ones unless they're spectacularly bad (like the Palo Alto CVEs of 2024).