We are cutting the release cycle short and will release curl 8.4.0 on October 11, including fixes for a severity HIGH CVE and one severity LOW. The one rated HIGH is probably the worst curl securit...
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !programming@programming.dev
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person’s post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
Follow the programming.dev instance rules
Keep content related to programming in some way
If you’re posting long videos try to add in some form of tldr for those who don’t want to watch videos
I want to thank the
curldevelopers for taking security issues seriously to keep me safe.Now I’m going to go pipe another
curlscript output directly into asudo bashcommand. /sWe need a version of
/sfor “I’m not actually doing this right now… but we know I still will…”Who also guesses buffer overflow or use-after-free?
Buffer overflows are like Lupus in House M.D.
It’s not overflow. It’s never overflow.
Why don’t they just rewrite it in rust? It would be much safer right?
I think that’s been asked before. That’d be a massive undertaking, and they also support architectures that I don’t think Rust does (yet).
You can already use experimental hyper backend (written in rust) for http stuff in curl https://aws.amazon.com/blogs/opensource/how-using-hyper-in-curl-can-help-make-the-internet-safer/ I wonder if the vulnerability touches this use case as well
Perfect article for my question. Appreciated.
deleted by creator