2025-08-11 20:43:31 achill, thx for merging today's Matrix Synapse update to resolve that CVE. I was just about to work on it when I realized it was already completed :)
2025-08-17 14:18:16 meh, receiving AI slop bug reports now on security@a.o (and sent to others as well). Lengthy reports, bullet points with headings, showing immediate steps that failed, explaining what a zero-day is. The actual issue: xfreerdp fails to connect to an rdp server with an error (Protocol security negotiation error).
2025-08-17 14:19:26 From the report: "Recommendations: Report the issue to the FreeRDP maintainers with detailed logs for analysis and patching."
2025-08-17 14:19:38 Clearly AI output
2025-08-17 14:21:56 time to add a wall of shame page it seems :P
2025-08-17 14:38:09 impact: - "The vulnerability prevents successful connections to certain RDP servers, potentially disrupting critical remote access functionality."
2025-08-17 14:38:18 - "If exploited, an attacker could craft a malicious RDP server that triggers this error, causing a denial-of-service (DoS) condition for FreeRDP clients."
2025-08-17 14:38:38 An attacker can set up a server that can prevent me from connecting to it :D
2025-08-17 16:15:57 ikke: that's kind from the attacker at least
2025-08-18 22:40:24 i would be very ok with publishing AI slop reports
2025-08-19 12:08:08 ikke: I'm sometimes having fun reading these, definitely worth collecting
2025-08-19 12:08:34 And reply with an AI generated response for even more fun :D
2025-08-24 15:06:54 not sure if i asked already, but would it affect anyone if i removed a bunch of secfixes that are clearly marked in the CVE databases with appropriate product versions
2025-08-24 15:07:29 Potentially, yes
2025-08-24 15:11:54 Ideally they would look at the CVE databases and not mark packages as vulnerable, but I believe we have seen in the past that some just look out secdb.a.o
2025-08-24 15:13:24 We could try to prune some older CVEs and see what happens
2025-08-25 18:09:36 nvd.nist.gov -> 503