Hello,

In the curl project we have had 145 recorded past security vulnerabilities, recorded as CVEs. They are all listed here: https://curl.se/docs/security.html

However, for the first 72 issues we have no recorded severity level set for them. This is simply because we did not bother to figure them out in the curl security team at the time. Nowadays we always do and that is an important part of our work on our security advisories.

As you can see in the list, the severity indicating letters are missing a bit down in the table.

I would like to have severity levels set for the oldest 72 issues as well - so that all are covered - but I do not want to single-handedly go over them all and set my own personal opinon level on them.

Anyone who wants to help out with this?

--

 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://curl.se/support.html
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Reply via email to