daniel:// stenberg://13h ago

If your Open Source project sees a steep increase in number of high quality security reports (mostly done with AI) right now (#curl, Linux kernel, glibc confirmed) please tell me the name of this project.

(I'd like to make a little list for my coming talk on this.)

Show threaddaniel:// stenberg://11h ago

Apache httpd, curl, Django, Firefox, glibc, GnuTLS, Haproxy, libssh, Linux kernel, python, Temporal, Wireshark, wolfSSL

More?

Show threaddaniel:// stenberg://8h ago

Updated:

Apache httpd, curl, Django, Elasticsearch Python client, Firefox, git, glibc, GnuTLS, Haproxy, Immich, libssh, Linux kernel, OpenLDAP, PowerDNS, python, Sequoia PGP, Temporal, urllib3, Wireshark, wolfSSL

We can say with certainty that this is widespread.

Show threadEven Rouault
@bagder libtiff too, with some gems like https://gitlab.com/libtiff/libtiff/-/work_items/814
Heap buffer overflow in TIFFClientOpenExt via TOCTOU race between strlen and strcpy on caller-supplied filename (#814) · Issues · libtiff / libtiff · GitLab

Summary A time-of-check-to-time-of-use (TOCTOU) race condition in TIFFClientOpenExt() (libtiff/tif_open.c) causes a heap buffer overflow when the name argument points to a shared mutable buffer that is concurrently...

GitLab
12:18pmWeb
Show threadkby3h ago
@EvenRouault @bagder Is this what’s meant with high-quality? Long inflationary description of a minor to practically non-existent vulnerability?