junk cves -- rant

2024-04-11 Thread Tim Allison

I just excluded joda-time because of this: CVE-2024-23080
https://nvd.nist.gov/vuln/detail/CVE-2024-23080

This is an NPE in joda-time version 2.12.5. That's two versions before the
current... is it actually still in there? And more importantly, an NPE is
not a CVE in Java. People, please.

And please, oh, please don't tell me that the LLMs are responsible for this!

I'm hoping this is a post report echo artifact and not the cause of this
report.

https://gist.github.com/LLM4IG/6614bfa658295d7af07a6d37e06db27f

---------- Forwarded message ---------
From: Tim Allison 
Date: Thu, Apr 11, 2024 at 12:36 PM
Subject: [apache/tika] Run failed: main jdk11 build - main (87e84f7)
To: apache/tika 
Cc: Ci activity 


  main jdk11 build: All jobs have failed


*main jdk11 build* / build (11)
Failed in 5 minutes and 34 seconds

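Added example, not code from this thread or from the Tika project: the triage check a maintainer would want before excluding a dependency over a CVE like the one above, namely "does the NVD-declared affected range actually cover the version I ship, and the current release?". It parses the cpeMatch bounds (versionStartIncluding/Excluding, versionEndIncluding/Excluding) in the shape of an NVD API 2.0 record. The record embedded below is constructed: the CVE id, CPE vendor/product and version bound are placeholders, not the real NVD data for CVE-2024-23080.

```python
"""Check whether a dependency version falls inside an NVD-declared affected
range.  Added example for the mailing-list thread; not Tika project code.
SAMPLE_NVD_JSON is CONSTRUCTED in the shape of an NVD API 2.0 response with
placeholder ids and bounds (not the real record for any CVE)."""
from __future__ import annotations

import json

SAMPLE_NVD_JSON = json.dumps({
    "vulnerabilities": [{
        "cve": {
            "id": "CVE-0000-00000",                      # placeholder id
            "configurations": [{
                "nodes": [{
                    "operator": "OR",
                    "cpeMatch": [{
                        "vulnerable": True,
                        # placeholder CPE: part:vendor:product:version:...
                        "criteria": "cpe:2.3:a:example_vendor:example_lib:*:*:*:*:*:*:*:*",
                        "versionEndIncluding": "2.12.5",  # constructed bound
                    }]
                }]
            }]
        }
    }]
})


def parse_version(v: str) -> tuple[int, ...]:
    """Dotted numeric version -> comparable tuple; a '-suffix' is dropped."""
    return tuple(int(p) for p in v.split("-")[0].split("."))


def in_bounds(version: str, m: dict) -> bool:
    """Apply the four optional NVD range keys of one cpeMatch entry."""
    v = parse_version(version)
    lo_inc, lo_exc = m.get("versionStartIncluding"), m.get("versionStartExcluding")
    hi_inc, hi_exc = m.get("versionEndIncluding"), m.get("versionEndExcluding")
    if lo_inc and v < parse_version(lo_inc):
        return False
    if lo_exc and v <= parse_version(lo_exc):
        return False
    if hi_inc and v > parse_version(hi_inc):
        return False
    if hi_exc and v >= parse_version(hi_exc):
        return False
    return True


def affected_cves(nvd_json: str, product: str, version: str) -> list[str]:
    """Return CVE ids whose vulnerable cpeMatch covers (product, version)."""
    hits: list[str] = []
    for item in json.loads(nvd_json).get("vulnerabilities", []):
        cve = item["cve"]
        for conf in cve.get("configurations", []):
            for node in conf.get("nodes", []):
                for m in node.get("cpeMatch", []):
                    if not m.get("vulnerable", False):
                        continue
                    fields = m["criteria"].split(":")
                    # cpe:2.3:part:vendor:product:version:... -> product is [4]
                    if len(fields) < 6 or fields[4] != product:
                        continue
                    cpe_version = fields[5]
                    if cpe_version != "*":
                        # explicit version in the CPE: exact match only
                        if cpe_version != version:
                            continue
                    elif not in_bounds(version, m):
                        continue
                    if cve["id"] not in hits:
                        hits.append(cve["id"])
    return hits


def triage(nvd_json: str, product: str, pinned: str, latest: str) -> dict:
    """The two questions from the thread: is the pinned version flagged, and
    would simply upgrading to the latest release clear the flag?"""
    return {
        "pinned_affected": affected_cves(nvd_json, product, pinned),
        "latest_affected": affected_cves(nvd_json, product, latest),
    }


if __name__ == "__main__":
    # constructed versions: pinned two releases behind the (hypothetical) latest
    print(triage(SAMPLE_NVD_JSON, "example_lib", "2.12.5", "2.12.7"))
```

Run against a real NVD API 2.0 response instead of the sample and a non-empty `latest_affected` list is the signal that an exclusion, not an upgrade, is on the table; an empty one means the report does not reach the current release and a version bump suffices.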

Re: junk cves -- rant

2024-04-12 Thread Nick Burch

On Thu, 11 Apr 2024, Tim Allison wrote:

> I just excluded joda-time because of this: CVE-2024-23080
> https://nvd.nist.gov/vuln/detail/CVE-2024-23080
>
> This is an NPE in joda-time version 2.12.5. That's two versions before the
> current...is it actually still in there. And more importantly, an NPE is
> not a CVE in Java. People, please.


Have you seen all the rants from the Curl folks?
https://daniel.haxx.se/blog/2024/02/21/disputed-not-rejected/
https://daniel.haxx.se/blog/2024/01/02/the-i-in-llm-stands-for-intelligence/

Nick