- cross-posted to:
- cybersecurity@lemmy.capebreton.social
- cross-posted to:
- cybersecurity@lemmy.capebreton.social
In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set it to severity HIGH.
While the advisory contains all the necessary details. I figured I would use a few additional words and expand the explanations for anyone who cares to understand how this flaw works and how it happened.
Hmmmm. Maybe this is why Debian pushed a curl update today even though it was also upgraded in 12.2 four days ago
expired