ManniA CVE in ack3?
https://github.com/beyondgrep/ack3/issues/399
Cannot imagine anything serious behind this.
Boston Perl Mongers@confuseacat
roughly correct: concatenate enough hypotheticals and something serious is vaguely plausible; but we're treating it seriously anyway. Sorry for vaguebooking; we're under responsible disclosure embargo until release (soon). Stay tuned for the underwhelming reveal! -- @BRicker
roughly correct: concatenate enough hypotheticals and something serious is vaguely plausible; but we're treating it seriously anyway. Sorry for vaguebooking; we're under responsible disclosure embargo until release (soon). Stay tuned for the underwhelming reveal! -- @BRicker
Bill Ricker@Boston_PM @confuseacat
Now it can be told.
https://metacpan.org/release/PETDANCE/ack-v3.10.0
has fixes for 3 delightfully twisted CVEs (and a couple variations).
https://github.com/beyondgrep/ack3/commit/45ff5fe77dbd96f7332f31943102291f878f30b8
Now it can be told.
https://metacpan.org/release/PETDANCE/ack-v3.10.0
has fixes for 3 delightfully twisted CVEs (and a couple variations).
https://github.com/beyondgrep/ack3/commit/45ff5fe77dbd96f7332f31943102291f878f30b8
@BRicker @Boston_PM good work, Bill!
Don't know whether "delightful" is the right choice of word here, but I'm not a native speaker ;-)
Don't know whether "delightful" is the right choice of word here, but I'm not a native speaker ;-)
@confuseacat @Boston_PM
I am often somewhat ironic *and* was formerly a security researcher myself in a prior century, so i do find a twisted, ironic delight in the creativity that the researchers used to find these plausible problems. I'm glad they found it, vs. someone who'd use it for ill.
I am often somewhat ironic *and* was formerly a security researcher myself in a prior century, so i do find a twisted, ironic delight in the creativity that the researchers used to find these plausible problems. I'm glad they found it, vs. someone who'd use it for ill.