2022-10-04 18:43:51 <kaamos> Hi
2022-10-04 18:43:57 <ikke> hello
2022-10-06 11:41:25 <omni> !39850 !39852 !39854
2022-10-06 11:43:22 <omni> oh, i didn't prefix them
2022-10-06 11:43:58 <omni> !39853 seem to be having issues with libcrypto1.1 vs ca-certificates-bundle
2022-10-06 15:35:06 <ncopa> Code of conduct has been updated: https://alpinelinux.org/community/code-of-conduct.html
2022-10-06 22:07:04 <jalberti> hi! There is https://security.alpinelinux.org/vuln/CVE-2022-2309 which supposedly affects libxml2, but libxml2 is not listed as potentially vulnerable here https://security.alpinelinux.org/branch/3.16-main. Do you happen to have a status on this? I see libxml2 was recently rebuild, https://pkgs.alpinelinux.org/package/v3.16/main/x86_64/libxml2, and received patches https://git.alpinelinux.org/aports/commit/?id=8d6de99bbd4acd3cc28bc40
2022-10-06 22:07:04 <jalberti> 1e9045d8d6ca9f118. So is there anything pending, or the CVE is missing the CPE URI, and that's all? Thanks!!
2022-10-06 22:12:31 <psykose> that commit fixes it, i just typo'd the number (32/23)
2022-10-06 22:12:35 <psykose> same for all the release branches
2022-10-06 22:12:44 <psykose> nothing to fix aside from me fixing the typo
2022-10-06 22:27:19 <jalberti> thanks!!
2022-10-11 21:55:35 <omni> https://xenbits.xen.org/xsa/
2022-10-11 22:11:01 <omni> the four released today are all of DoS impact  
2022-10-11 22:15:07 <omni> I'm too tired/not worried enough to look more at thm now
2022-10-12 01:08:47 <psykose> take your time :)
2022-10-12 15:27:03 <ikke> openssl 3.0.6 and 1.1.1r withdrawn: https://mta.openssl.org/pipermail/openssl-announce/2022-October/000237.html
2022-10-12 15:27:15 <ikke> due to regression
2022-10-15 09:40:28 <omni> https://lwn.net/ml/oss-security/20221013101046.GB20615@suse.de/
2022-10-15 09:40:36 <omni> https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.74
2022-10-15 09:46:10 <omni> https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.148
2022-10-15 18:22:46 <omni> !40234 !40235 !40245
2022-10-21 14:24:59 <omni> https://github.com/python/cpython/issues/98517
2022-10-21 14:25:45 <omni> "Buffer overflow in the _sha3 module in python versions <= 3.10 #98517"
2022-10-21 14:26:01 <omni> https://github.com/python/cpython/pull/98519
2022-10-21 14:26:07 <omni> "[3.10] gh-98517: Fix buffer overflows in _sha3 module #98519"
2022-10-21 23:36:34 <psykose> do you think they'll make a release for that or just the usual ~few weeks
2022-10-22 00:00:23 <omni> no idea, but seems like obsd patched early https://github.com/openbsd/ports/commit/12c0e7a6d6a7f6a6566466813438d65b1aebce93
2022-10-22 00:02:37 <omni> the post https://mouha.be/sha-3-buffer-overflow/ also mention php
2022-10-22 00:02:53 <omni> mirage patched digestif https://github.com/mirage/digestif/commit/195c82584cea99bd6ad4a7526b9f1af0b705e857
2022-10-22 00:05:20 <omni> https://twitter.com/koehntopp/status/1583189790362832898
2022-10-25 14:56:35 <minimal> https://nvd.nist.gov/vuln/detail/CVE-2022-35737
2022-10-25 14:57:04 <minimal> sqlite issue, version in Edge has fix, 3.16 does not (didn't check older Alpine releases)
2022-10-25 15:08:34 <jvoisin> https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html next openssl release (1st of November) is going to be "CRITICAL" :/
2022-10-25 15:16:01 <ikke> fun
2022-10-25 15:22:26 <psykose> probably a 5 minute fix
2022-10-25 15:22:32 <psykose> and then a 5 minute revert due to the 10 regressions
2022-10-25 15:22:34 <psykose> business as usual eh
2022-10-27 11:29:40 <omni> ncopa: CVE-2022-1184 fixed in linux 5.15.75 and 5.10.150
2022-10-27 11:30:51 <ncopa> 👍
2022-10-29 12:55:40 <ikke> FYI, golang also anounced a private security fix that will be released on tuesday: https://groups.google.com/g/golang-announce/c/dRtDK7WS78g
2022-10-31 18:14:48 <jvoisin> ^ https://groups.google.com/g/golang-announce/c/dRtDK7WS78g/m/T5pVQ7PoAQAJ not as bad as the OpenSSL on though :D