Ouch! Percentage of internet of things devices that don't ship libcurl is a rounding error. Percentage of internet of things devices that patch libcurl is also a rounding error.
> Updating the shared libcurl library should be enough to fix this issue on all operating systems.

> Then again there will also be countless docker (and similar) images that feature their own copies, so there will still be quite a large number of rebuilds necessary I bet.

Quite a large number, yeah.
I kinda hate doing things this way...

Could it be better not to just come out with a somewhat alarmist take that hey, we are going to release a high-risk vulnerability in a week... And fixes to that...

But instead just release the new version and CVE at the same time? Now is everyone trying to get ready to exploit this on the 11th, or already getting the most out of it if they know? And does this information really make anyone hover their finger over the button to push new versions and so on on the 11th?
Sad to see this just a month and a half from this post: https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/

Is the CVE system unreasonably alarmistic or is C unpredictable with flaws?