2022-12-16 03:06:18 <omni> the current long-term branch of mbedtls is 2.28, currently at 2.28.2
2022-12-16 03:06:50 <omni> however, alpine 3.14-stable and 3.15-stable are still at the last release of the previous long-term branch
2022-12-16 03:07:43 <omni> (just mentioning here too, so it doesn't get lost in the other channel)
2022-12-26 17:58:09 <ikke> Multiple vulnerabilities in WebKitGTK: https://www.openwall.com/lists/oss-security/2022/12/26/1
2022-12-26 18:02:22 <jvoisin> isn't WebKitGTK the project that should never be used or something?
2022-12-26 18:03:37 <psykose_> other way around
2022-12-26 18:03:59 <psykose_> you're thinking of chromium /ducks
2022-12-26 18:04:06 <psykose_> (but what you're actually thinking of is webkitqt)
2022-12-26 18:04:37 <psykose_> ((it was dropped in favor of qtwebengine))
2022-12-26 20:42:42 <jvoisin> (thanks)
2022-12-27 11:25:22 <omni> !42647 !42648
2022-12-27 11:25:49 <omni> for 3.16-stable and 3.17-stable
2022-12-27 16:03:51 <ncopa> Max version is wrong here https://security.alpinelinux.org/vuln/CVE-2022-42919
2022-12-27 16:04:12 <ncopa> should be <3.10.9
2022-12-27 16:04:31 <ncopa> fixed in 3.10.9:  https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-9-final
2022-12-27 16:04:42 <ncopa> not sure if we care enough to do anything about it
2022-12-27 16:05:03 <ikke> The data comes from NVD
2022-12-27 16:05:16 <ikke> Not sure if it will be fixed there eventually
2022-12-27 16:31:20 <psykose> seeing an actual correct version range there is a unicorn
2022-12-27 16:31:35 <psykose> i think i've only seen it for curl lol
2022-12-27 16:34:38 <psykose> (the vast majority of these do <x.y only so they're wrong for some version that didn't even have the code in question)
2022-12-27 23:08:36 <jvoisin> with Intel CET becoming more and more available, any plans to make use of it in Alpine?
2022-12-27 23:08:48 <jvoisin> Ubuntu has it enabled since 20.04 iirc
2022-12-31 04:35:31 <goodattempt> ignore ping please. sry