all previous curl CVEs as JSON ?

2023-05-01 Thread Daniel Stenberg via curl-library
See https://github.com/curl/curl-www/pull/237
Let me know how we can perfect this. This JSON file will be automatically generated and provided on the curl site at a fixed URL.
--
/ daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports,

Re: all previous curl CVEs as JSON ?

2023-05-01 Thread Timothe Litt via curl-library
On 01-May-23 06:16, Daniel Stenberg via curl-library wrote:
See https://github.com/curl/curl-www/pull/237 Let me know how we can perfect this. This JSON file will be automatically generated and provided on the curl site at a fixed URL.
Good start. A few things to consider:
* Use "summary

Re: all previous curl CVEs as JSON ?

2023-05-01 Thread Daniel Stenberg via curl-library
On Mon, 1 May 2023, Timothe Litt via curl-library wrote:
Good start. A few things to consider:
I decided to try to use something like https://ossf.github.io/osv-schema/ Lots of tiny changes have been applied.
* Rather than hiding in description, add key for "known exploits" - value can b

Re: all previous curl CVEs as JSON ?

2023-05-01 Thread Timothe Litt via curl-library
On 01-May-23 15:18, Daniel Stenberg wrote:
* Rather than hiding in description, add key for "known exploits" - value can be boolean. [will this be updated if updates are discovered after publication? If not, what's the value of having it?]
We basically never get that information. I don't t

Re: all previous curl CVEs as JSON ?

2023-05-01 Thread Daniel Stenberg via curl-library
On Mon, 1 May 2023, Timothe Litt wrote:
Then perhaps the sentence "We are not aware of any exploit of this flaw." shouldn't appear in the descriptions, since it persists long after the initial publication.
Right, it's a challenge to provide information at the time of the disclosure that we c

Re: all previous curl CVEs as JSON ?

2023-05-02 Thread Daniel Stenberg via curl-library
On Mon, 1 May 2023, Daniel Stenberg via curl-library wrote:
So yeah. Does the line help or does it mislead? I don't know. I think it is more bad than good. Let's remove those: https://github.com/curl/curl-www/pull/238

Re: all previous curl CVEs as JSON ?

2023-05-04 Thread Daniel Stenberg via curl-library
On Tue, 2 May 2023, Daniel Stenberg via curl-library wrote:
Here's a little CVE as JSON update: We now provide:
- All CVEs as a big JSON array with objects. URL: https://curl.se/docs/vuln.json
- Every CVE as a single JSON. Just change .html to .json on the CVE URL: Example URL: https