2025-10-01 06:56:28 <ncopa> https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/90895
2025-10-01 06:56:36 <ncopa> I backported the fixes
2025-10-01 06:56:44 <ncopa> they were trivial
2025-10-01 06:58:05 <omni> 👍
2025-10-01 11:12:15 <dne> nice! btw, "Non-LTS releases up to 3.4 are supported for at least two years. Non-LTS releases after 3.5 will be full supported for 13 months."
2025-10-01 11:12:26 <dne> from https://openssl-library.org/policies/releasestrat/
2025-10-01 11:44:53 <ikke> https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-linux-sudo-flaw-exploited-in-attacks/
2025-10-01 11:45:19 <ikke> We still have 1.9.17 in the repository 
2025-10-01 11:58:45 <ncopa> I can have a look at CVE-2025-32463
2025-10-01 12:01:47 <ncopa> the CVE says that sudo before 1.9.17p1 is vulnerable
2025-10-01 12:02:08 <ncopa> 3.21-stable has 1.9.17_p1, so it should be fixed
2025-10-01 12:03:08 <ncopa> 3.20-stable and 3.19-stable has older, 1.9.15_p5 adn 1.9.15_p2
2025-10-01 12:03:13 <ncopa> but sudo is in community
2025-10-01 12:03:58 <ncopa> so we technically dont need to fix those?
2025-10-01 12:13:37 <ikke> Yeah, that was one of the reasons sudo was moved to community
2025-10-01 13:02:38 <ncopa> so nothing to do, I suppose
2025-10-01 15:02:55 <ikke> No, I saw "through 1.9.17" in the post, so thought those versions were affected as well
2025-10-08 03:35:52 <jahway603[m]> Matrix synapse was just released today to address a CVE. Please merge approvals for !91194 and !91193 to fix it.
2025-10-08 08:07:11 <dne> go 1.25.2 and 1.24.8 released, with 10 security fixes: https://groups.google.com/g/golang-nuts/c/Gxn25BP4MXk/m/3KrM-XBOBAAJ
2025-10-08 23:10:14 <omni> I merged !91096 and hope there are no breaking changes, got worried as I re-read https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/83928#note_507400
2025-10-08 23:12:36 <omni> and older stable branches should probably be taken care of
2025-10-09 07:14:34 <ncopa> thanks!
2025-10-09 07:34:05 <ncopa> it looks like he bumps soversion when breaking ABI from 2.14.0. releases was done in 2.13 branch after that, so I assume we are good
2025-10-16 01:22:42 <omni> https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5
2025-10-16 01:28:45 <omni> in our 3.19 we have the EOLed 2.28.10 version of mbedtls, haven't checked if backporting patches is easy nor needed
2025-10-16 01:29:27 <omni> but opened upgrade MRs for our other branches
2025-10-16 09:45:01 <ncopa> linux-pam has a few CVEs as well got report here: https://gitlab.alpinelinux.org/alpine/help/-/issues?show=eyJpaWQiOiI2MCIsImZ1bGxfcGF0aCI6ImFscGluZS9oZWxwIiwiaWQiOjM1NTI0MX0%3D
2025-10-16 09:45:11 <ncopa> er
2025-10-16 09:45:14 <ncopa> https://gitlab.alpinelinux.org/alpine/help/-/issues/60
2025-10-17 06:32:11 <latos> hello 
2025-10-17 06:32:23 <latos> is there anybody herer