Download
Browse source Changelog tiny-curl
Documentation
Project   Bug Bounty FAQ   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Videos Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users IRC / chat Mailing lists Everything curl [book] Video presentations Report a bug Paid support
Development
Autobuilds Code review Code style Contribute Dashboard Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl Tests Overview
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

crowd-source severity levels for 72 old curl vulnerabiliies?

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 2 Jun 2023 10:33:05 +0200 (CEST)

Hello,

In the curl project we have had 145 recorded past security vulnerabilities,
recorded as CVEs. They are all listed here: https://curl.se/docs/security.html

However, for the first 72 issues we have no recorded severity level set for
them. This is simply because we did not bother to figure them out in the curl
security team at the time. Nowadays we always do and that is an important part
of our work on our security advisories.

As you can see in the list, the severity indicating letters are missing a bit
down in the table.

I would like to have severity levels set for the oldest 72 issues as well - so
that all are covered - but I do not want to single-handedly go over them all
and set my own personal opinon level on them.

Anyone who wants to help out with this? 

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html
-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2023-06-02