2022-09-06 15:35:34 <ikke> https://go.dev/blog/vuln
2022-09-06 15:40:09 <Foxboron> Uh, more proprietary stuff?
2022-09-06 16:26:54 <kpcyrd> it seems like govulncheck hasn't had it's first release yet
2022-09-06 19:09:31 <jvoisin> Foxboron: technically, the CPE/CVE database is kinda proprietary, I guess?
2022-09-06 19:11:05 <Foxboron> jvoisin: it's not?
2022-09-06 19:11:56 <jvoisin> well, good luck getting things into the CPE database without the NIST's blessing
2022-09-06 21:16:50 <Foxboron> jvoisin: I don't see the relationship between my comment and that. It's largely because the central infra Go devs are pushing to users proprietary. The code isn't published
2022-09-06 21:17:07 <Foxboron> The fact that CPE and CVE needs someone to add entries is besides the point
2022-09-07 16:47:58 <Ariadne> Foxboron: i still wish they had the courage to go with JSON-LD for OSV.  everything else is going that direction now, like SPDX.
2022-09-07 22:10:44 <Foxboron> Ariadne: osv is going to be whatever google needs, sadly
2022-09-07 22:11:08 <Ariadne> yeah, well, i made an attempt to convince google that they needed JSON-LD :(
2022-09-07 22:11:15 <Ariadne> they will learn the hard way
2022-09-08 08:22:30 <Foxboron> There will be more sway when OSV-schema *needs* to be gouverned the openssf way. Currently it's just Google doing stuff
2022-09-21 10:23:00 <omni> I cannot look at expat (CVE-2022-40674) for v3.13 right now, the others were easier (just a point release bump)
2022-09-21 11:33:35 <ncopa> ok. I can have a look at it
2022-09-21 11:47:08 <ncopa> expat fixed in 3.13-stable too. thank you omni!
2022-09-21 11:53:51 <ikke> Also CVEs announced for BIND
2022-09-21 11:54:08 <ikke> https://www.openwall.com/lists/oss-security/2022/09/21/3
2022-09-21 12:23:28 <ncopa> im working on bind updates
2022-09-21 12:37:38 <ncopa> bind is done
2022-09-25 19:02:50 <ikke> squid: Exposure of Sensitive Information in Cache Manager (https://www.openwall.com/lists/oss-security/2022/09/23/1). Fixed in 5.7
2022-09-25 19:03:20 <ikke> squid: Buffer Over Read in SSPI and SMB
2022-09-25 19:03:22 <ikke>  Authentication
2022-09-25 19:03:24 <ikke> https://www.openwall.com/lists/oss-security/2022/09/23/2
2022-09-25 19:04:18 <ikke> CVE-2022-41317 and CVE-2022-41318
2022-09-26 06:02:17 <omni> dnsmasq 2.87 "Fix write-after-free error in DHCPv6 server code. CVE-2022-0934 refers." - https://dnsmasq.org/CHANGELOG