"let me use an AI and file another bug against #curl"

https://github.com/curl/curl/issues/15736

Severe Remote Code Execution Vulnerability in `varexpand` Function Due to Insecure Input Handling and Memory Operations · Issue #15736 · curl/curl

I did this A critical remote code execution vulnerability exists in the varexpand function due to a combination of insecure input handling, unsafe memory operations, and improper execution of user-...

@bagder They accidentally pasted their conversation history with ChatGPT into another issue as well...

You said:
What is the major bug in this code
[...]

ChatGPT said:
The code contains a critical logical bug that violates an assertion in the function tiling_resize_for_border:
[...]

You said:
Write a github bug report for that issue, make it sound extremely major

Why.

Bug Report: Critical Issue with Resizing Logic in Tiling Mode · Issue #6333 · i3/i3

Welcome Yes, I'm using the latest major release or the current development version. These are the only supported versions. Yes, I've searched similar issues and discussions on GitHub and didn't fin...

@sunny "Write a github bug report for that issue, make it sound extremely major"

AAAAAAAAAAAAAAAAAAAAAA

@bagder @sunny I'm split between a maniacal laugh and utter desperation when reading this; it's like they want to waste as much time as possible from everyone involved.
@sunny @bagder GitHub needs to use server logs to identify their real account and suspend that. These asshats won't stop 'til the Find Out phase.
@dalias @sunny @bagder Yes, but public services like OpenAI need to refuse such queries too.
Major Security Vulnerability: Path Injection and Unvalidated File Access · Issue #14665 · sveltejs/svelte

Describe the bug A potential security vulnerability has been identified in the codebase that could allow path injection attacks and unintended file system access. This issue arises due to dynamical...

@sunny @bagder I wonder, is anyone gathering the usernames of people who do this so that those of us with FOSS projects not yet targeted can pre-block them?
@kinnison @sunny I think the general idea is that Github bans/stops these users, so we should all report them so they are properly noticed

@bagder @kinnison @sunny I did, and got this reply within an hour:

We have determined that one or more violations of GitHub’s Terms of Service have occurred and have taken appropriate action in response.

Both the above issue and the user's profile now return a 404.

@ilmari @bagder @sunny that's better than I expected 🎉🎉🎉
@sunny @bagder Fishing for bug bounties, maybe seeking attention, I'm guessing.

If you just throw enough shit at the wall maybe some will stick.
@sunny @bagder I (and possibly others) reported the guy. It appears GitHub chose the nuclear option to deal with him 😅