andi- changed the topic of #nixos-security to: Vulnerability Roundup Issues: + | Currently supported releases: unstable (master), 20.09, 20.03 (until 27th of November)
star_cloud has quit [Remote host closed the connection]
star_cloud has joined #nixos-security
ris has quit [Ping timeout: 258 seconds]
kalbasit has quit [Ping timeout: 272 seconds]
c74d has quit [Quit: c74d]
FRidh has joined #nixos-security
FRidh has quit [Ping timeout: 272 seconds]
FRidh has joined #nixos-security
tilpner has quit [Remote host closed the connection]
tilpner has joined #nixos-security
rajivr has joined #nixos-security
<hexa-> patched in linux 5.9.2
<hexa-> also in 5.4.72
FRidh has quit [Ping timeout: 260 seconds]
kalbasit has joined #nixos-security
<hexa-> oh well
<hexa-> Subject: Buffer Overflow in raptor widely unfixed in Linux distros
<hexa-> tl;dr: debian fixed this bug after 3y, since the upstream was unresponsive and a CVE was never requested
<hexa-> Hanno Böck, who discovered the issue, says this
<hexa-> > Maybe noteworthy is that this didn't get a CVE in 2017. It seems many
<{^_^}> error: syntax error, unexpected IN, expecting ')', at (string):359:48
<hexa-> distros rely on CVEs to get a process of backporting fixes rolling.
<hexa-> Given the fluctuating reliability of CVE assignments not sure this is
<hexa-> wise. I have now requested a CVE (CVE-2017-18926).
<hexa-> I learned of this issue from DSA and fixed it promptly in #103134, which was today merged and backported
<{^_^}> (by mweinelt, 5 days ago, merged): librdf_raptor2: add patch for CVE-2017-18926
rajivr has quit [Quit: Connection closed for inactivity]
ris has joined #nixos-security
simpson has joined #nixos-security
star_cloud has quit [Read error: Connection reset by peer]
star_cloud has joined #nixos-security
MichaelRaskin has joined #nixos-security
zarel has quit [Ping timeout: 272 seconds]
zarel has joined #nixos-security
bridge[evilred] has quit [Remote host closed the connection]
bridge[evilred] has joined #nixos-security
<joepie91> "The Node.js project will release new versions of 15.x, 14.x and 12.x on or shortly after Monday, November 16th, 2020. These releases will fix: * One high severity issue"
kalbasit has quit [Ping timeout: 256 seconds]