OSNews
A twenty-five year old curl bug
When we announced the security flaw CVE-2024-11053 on December 11, 2024 together with the release of curl 8.11.1 we fixed a security bug that was introduced in a curl release 9039 days ago. That is close to twenty-five years.
The previous record holder was CVE-2022-35252 at 8729 days.
↫ Daniel Stenberg
Ir's really quite fascinating to see details like this
https://www.osnews.com/story/141320/a-twenty-five-year-old-curl-bug/