Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/bagder/statuses/111963198021274580">daniel:// stenberg:// (bagder@mastodon.social)'s status on Tuesday, 20-Feb-2024 19:20:40 JST</a><a href="https://mastodon.social/@bagder" title="bagder@mastodon.social"><img src="https://gnusocial.jp/avatar/5732-48-20220816094715.webp" width="48" height="48" alt="daniel:// stenberg://" style="position: absolute; left: 0; top: 0;">daniel:// stenberg://</a><div><a href="https://mastodon.social/@bagder/111963196675992402" rel="in-reply-to">in reply to</a></div></section><article><p>I'm convinced someone just grepped commit messages for this and submitted a <a href="https://mastodon.social/tags/CVE" rel="tag">#CVE</a> and there was nothing and no one that even tried to confirm or check that this was actually legitimate. There was no filter in place and it was incorrectly let through. That's why it should be rejected. Saying it is "disputed" hints that there can be different views on this subject.</p><p>So, you are asking me to explain how this not identified vulnerability is actually not identifying a vulnerability.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2739597#notice-5432993">In conversation</a><time datetime="2024-02-20T19:20:40+09:00" title="Tuesday, 20-Feb-2024 19:20:40 JST">Tuesday, 20-Feb-2024 19:20:40 JST</time> <span>from <span><a href="https://mastodon.social/@bagder/111963198021274580" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@bagder/111963198021274580">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/759538">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
daniel:// stenberg:// (bagder@mastodon.social)'s status on Tuesday, 20-Feb-2024 19:20:40 JST daniel:// stenberg://
in reply to
I'm convinced someone just grepped commit messages for this and submitted a #CVE and there was nothing and no one that even tried to confirm or check that this was actually legitimate. There was no filter in place and it was incorrectly let through. That's why it should be rejected. Saying it is "disputed" hints that there can be different views on this subject.
So, you are asking me to explain how this not identified vulnerability is actually not identifying a vulnerability.
In conversationTuesday, 20-Feb-2024 19:20:40 JST from mastodon.socialpermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice