XMPP Council - 2022-03-14


  1. larma has joined
  2. pprrks has joined
  3. neox has left
  4. vaulor has left
  5. pprrks has left
  6. pprrks has joined
  7. debacle has left
  8. pprrks has left
  9. larma has left
  10. larma has joined
  11. Kev has left
  12. Kev has joined
  13. marc0s has left
  14. marc0s has joined
  15. marc0s has left
  16. marc0s has joined
  17. Ingolf has left
  18. Ingolf has joined
  19. Zash has left
  20. larma has left
  21. larma has joined
  22. Zash has joined
  23. menel has joined
  24. vaulor has joined
  25. msavoritias has joined
  26. Tobias has joined
  27. pprrks has joined
  28. me9 has joined
  29. pprrks has left
  30. me9 has left
  31. pprrks has joined
  32. neox has joined
  33. pprrks has left
  34. pprrks has joined
  35. moparisthebest has left
  36. pep. has joined
  37. debacle has joined
  38. pprrks has left
  39. pprrks has joined
  40. marc0s has left
  41. marc0s has joined
  42. pprrks has left
  43. pprrks has joined
  44. pprrks has left
  45. pprrks has joined
  46. pprrks has left
  47. pprrks has joined
  48. marc0s has left
  49. marc0s has joined
  50. marc0s has left
  51. marc0s has joined
  52. pprrks has left
  53. pprrks has joined
  54. marc0s has left
  55. marc0s has joined
  56. pprrks has left
  57. pprrks has joined
  58. iink has left
  59. iink has joined
  60. marc0s has left
  61. marc0s has joined
  62. pprrks has left
  63. pprrks has joined
  64. Wojtek has joined
  65. Wojtek has left
  66. Wojtek has joined
  67. marc0s has left
  68. marc0s has joined
  69. pprrks has left
  70. pprrks has joined
  71. moparisthebest has joined
  72. pprrks has left
  73. pprrks has joined
  74. marc0s has left
  75. marc0s has joined
  76. pprrks has left
  77. pprrks has joined
  78. marc0s has left
  79. marc0s has joined
  80. pprrks has left
  81. pprrks has joined
  82. me9 has joined
  83. Wojtek has left
  84. Wojtek has joined
  85. pprrks has left
  86. pprrks has joined
  87. menel has left
  88. pprrks has left
  89. pprrks has joined
  90. marc0s has left
  91. marc0s has joined
  92. Wojtek has left
  93. Wojtek has joined
  94. pprrks has left
  95. pprrks has joined
  96. pprrks has left
  97. pprrks has joined
  98. iink has left
  99. iink has joined
  100. iink has left
  101. iink has joined
  102. iink has left
  103. iink has joined
  104. iink has left
  105. pprrks has left
  106. pprrks has joined
  107. pprrks has left
  108. pprrks has joined
  109. marc0s has left
  110. marc0s has joined
  111. pprrks has left
  112. pprrks has joined
  113. iink has joined
  114. iink has left
  115. iink has joined
  116. moparisthebest has left
  117. iink has left
  118. iink has joined
  119. iink has left
  120. iink has joined
  121. pprrks has left
  122. pprrks has joined
  123. iink has left
  124. iink has joined
  125. iink has left
  126. iink has joined
  127. moparisthebest has joined
  128. iink has left
  129. iink has joined
  130. iink has left
  131. iink has joined
  132. iink has left
  133. iink has joined
  134. iink has left
  135. iink has joined
  136. iink has left
  137. iink has joined
  138. iink has left
  139. pprrks has left
  140. menel has joined
  141. marc0s has left
  142. marc0s has joined
  143. marc0s has left
  144. marc0s has joined
  145. marc0s has left
  146. marc0s has joined
  147. me9 has left
  148. marc0s has left
  149. marc0s has joined
  150. iink has joined
  151. iink has left
  152. Tobias has left
  153. marc0s has left
  154. marc0s has joined
  155. marc0s has left
  156. marc0s has joined
  157. marc0s has left
  158. marc0s has joined
  159. marc0s has left
  160. marc0s has joined
  161. marc0s has left
  162. marc0s has joined
  163. moparisthebest how long do CVE's stay hidden? do the CVE folk alert the maintainers or ?
  164. moparisthebest gajim has pushed a fix to their library but all gajims and pidgins from package managers in the wild remain vulnerable to trivial MITM
  165. daniel No. The CVE is just a number. You need to write that down (on a private url) and notify the maintainers
  166. daniel Send them the CVE and the problem description
  167. moparisthebest daniel: what do they need to do with it...
  168. moparisthebest (they don't know either)
  169. daniel Assuming it's fixed upstream what a package maintainer needs is the CVE (even if there is no actual content behind that), a description of the problem (the for now private url that later will become public), and a link to the upstream commit that fixes the issue. That allow the maintainer to put the fix into security updates. (some distributions have the policy to only allow security fixes and will cherry pick the fix)
  170. Wojtek has left
  171. daniel If there is no upstream fix then I'm not sure what the 'correct' procedure is. You either wait until you can perform the steps above are just publish I guess
  172. daniel So to answer the question on 'when does a CVE becomes public' - that's for you to decide
  173. vanitasvitae_ has left
  174. vanitasvitae_ has joined
  175. me9 has joined
  176. mathieui has left
  177. me9 has left
  178. msavoritias has left
  179. paul has left
  180. pprrks has joined
  181. menel has left
  182. menel has joined
  183. paul has joined
  184. pprrks has left
  185. moparisthebest has left
  186. moparisthebest has joined
  187. moparisthebest has left
  188. moparisthebest has joined
  189. moparisthebest has left
  190. SouL has left
  191. moparisthebest has joined
  192. pep. has left
  193. moparisthebest has left
  194. moparisthebest has joined
  195. Kev has left