Three years ago I blogged about #nuget serving outdated #curl packages.
They then removed the packages I found.
I checked nuget again *today* and immediately found a nine year old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities.
The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/
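A defender-side check for the problem described in this post, added here as an example (not code from the thread, from curl, or from NuGet): it parses the shape of a NuGet v3 registration index and flags listed versions older than a chosen age. The JSON below is a constructed, inline sample (the dates and version strings are illustrative), and the registration-index URL and field layout are assumptions about the nuget.org API, not something the post states.

```python
"""Flag stale versions of a NuGet package from its registration metadata."""
import json
from datetime import datetime, timezone

# Constructed sample in the shape of a NuGet v3 registration index, i.e. what
# https://api.nuget.org/v3/registration5-semver1/<id>/index.json returns
# (assumed layout). Version numbers and dates are illustrative, not records
# copied from nuget.org.
SAMPLE_INDEX = json.dumps({
    "items": [{"items": [
        {"catalogEntry": {"id": "curl", "version": "7.51.0",
                          "published": "2016-11-10T00:00:00Z", "listed": True}},
        {"catalogEntry": {"id": "curl", "version": "8.0.0",
                          "published": "2024-09-11T00:00:00Z", "listed": True}},
        # Unlisted versions carry a placeholder publish date; skip them rather
        # than report them as ancient.
        {"catalogEntry": {"id": "curl", "version": "7.40.0",
                          "published": "1900-01-01T00:00:00Z", "listed": False}},
    ]}]
})

# Fixed reference date so the result is reproducible; use datetime.now(timezone.utc)
# for a live audit.
AS_OF = datetime(2026, 3, 1, tzinfo=timezone.utc)


def stale_versions(index_json, as_of=AS_OF, max_age_years=2.0):
    """Return [(version, age_in_years)] for listed versions older than the cutoff."""
    flagged = []
    for page in json.loads(index_json)["items"]:
        for leaf in page.get("items", []):
            entry = leaf["catalogEntry"]
            if not entry.get("listed", True):
                continue  # unlisted: not offered to `dotnet add package`
            published = datetime.fromisoformat(
                entry["published"].replace("Z", "+00:00"))
            age_years = (as_of - published).days / 365.25
            if age_years > max_age_years:
                flagged.append((entry["version"], round(age_years, 1)))
    return flagged


if __name__ == "__main__":
    for version, age in stale_versions(SAMPLE_INDEX):
        print(f"{version}: published {age} years ago; check the curl advisories")
```

In a real audit, feed the registration index of every package your build restores, and compare the flagged curl versions against the per-version advisory pages at curl.se.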
-
@bagder That's quite the nugget you found there.
-
Microsoft, and Windows.
Ah well.
-
"Microsoft is no longer accepting new submissions through secure@microsoft.com. Please use the Microsoft Researcher Portal "...
😠
-
but I took it to the big generic security portal and submitted a report there. Let's see what happens.
-
@bagder Maybe they got too many slop reports via email.
-
@bagder Have you considered if there's a demand for vintage curl releases that you aren't serving? Give the people what they want!
-
@Tenzer I linked the security people to this relevant page: https://curl.se/docs/vuln-7.51.0.html
-
@bagder AI Slop, this is why we can't have nice things.
-
@bagder I've been using dotnet for a few years and wanted to try using curl but didn't find anything that wasn't poorly maintained or totally outdated.
-
@bagder @shanselman responded to the bluesky mirror of this post.
-
@ssg @shanselman thanks, I tend to miss the replies to the mirror-me over there...
-
@bagder
Have you considered reserving "Curl" prefix on NuGet?
https://learn.microsoft.com/en-us/nuget/nuget-org/id-prefix-reservation
It is not much but it would prevent random people from uploading "officially looking" packages.
-
My not at all surprised face: "After careful investigation, this case has been assessed as not a vulnerability and does not meet Microsoft's bar for immediate servicing."
-
@bagder our own IT team are running Office 2016 in a sensitive environment.
Why would MS be any better. 🙁
-
@bagder Subscription first, Quality second. Works as expected I suppose.
-
@bagder Microslop
-
@bagder nuget? more like oldget amirite