Harry Sintonen

🛡️ harrysintonen_at_infosec.exchange@momostr.pink

npub1te8a...pgc3

Infosec consultant at REVƎЯSEC https://reversec.com - Coding, Research + various other interests PGP: https://sintonen.fi/pgpkey.txt Research: https://sintonen.fi/advisories/ Github: https://github.com/piru

Harry Sintonen 2 days ago

I understand #curl project decision to stop the #bugbounty and leave #hackerone. The torrent of #AIslop has become unbearable.

GitHub

BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026 by bagder · Pull Request #20312 · curl/curl

Remove mentions of the bounty and hackerone. There will be more mentions, blog posts, timings etc in the coming weeks.

I will continue to report vulnerabilities to the project whether it has a bug bounty or not.

Harry Sintonen 1 week ago

No, there's no major security vulnerability in zlib. There's a stack buffer overflow in the contrib/untgz tool. However, these tools are unsupported as described by the README.contrib file:

GitHub

zlib/contrib/README.contrib at develop · madler/zlib

A massively spiffy yet delicately unobtrusive compression library. - madler/zlib

" All files under this contrib directory are UNSUPPORTED. They were provided by users of zlib and were not tested by the authors of zlib. Use at your own risk. Please contact the authors of the contributions for help about these, not the zlib authors. Thanks. " #infosec #cybersecurity

Load More → Loading...