In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set it to severity HIGH.

While the advisory contains all the necessary details. I figured I would use a few additional words and expand the explanations for anyone who cares to understand how this flaw works and how it happened.

  • macallik@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Hmmmm. Maybe this is why Debian pushed a curl update today even though it was also upgraded in 12.2 four days ago