XMPP Council - 2022-03-14


  163. moparisthebest

    how long do CVEs stay hidden? do the CVE folk alert the maintainers or ?

  164. moparisthebest

    gajim has pushed a fix to their library but all gajims and pidgins from package managers in the wild remain vulnerable to trivial MITM

  165. daniel

    No. The CVE is just a number. You need to write that down (on a private url) and notify the maintainers

  166. daniel

    Send them the CVE and the problem description

  167. moparisthebest

    daniel: what do they need to do with it...

  168. moparisthebest

    (they don't know either)

  169. daniel

    Assuming it's fixed upstream, what a package maintainer needs is the CVE (even if there is no actual content behind that), a description of the problem (the for-now private url that later will become public), and a link to the upstream commit that fixes the issue. That allows the maintainer to put the fix into security updates. (some distributions have the policy to only allow security fixes and will cherry-pick the fix)

  171. daniel

    If there is no upstream fix then I'm not sure what the 'correct' procedure is. You either wait until you can perform the steps above or just publish I guess

  172. daniel

    So to answer the question on 'when does a CVE become public' - that's for you to decide
