XMPP Service Operators - 2022-10-25

  1. Licaon_Kter

    PSA: https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/

  2. moparisthebest

    Hold onto your butts, should be released within the hour: > OpenSSL 3.0.7 is a security-fix release. The highest severity issue fixed in this release is CRITICAL

  3. Zash

    > This release will be made available on Tuesday 1st November 2022 between 1300-1700 UTC.

  4. Menel

    A point for debian with its old version... Did exactly what they try to achieve..

  5. Licaon_Kter

    Menel: which versions are affected

  6. Licaon_Kter

    Menel: which versions are affected?

  7. moparisthebest

    Last critical was heartbleed by the way, sleep well!

  8. Menel

    Since they write only about 3.0.7, I assume its about 3xx. Not the first time... We'll see

  9. moparisthebest

    ah yes, next tuesday, not today, how did I read that wrong...

  10. jonas’

    rumor has it that there exists no known exploit yet, at least.

  11. jonas’

    so it's not as terrible as heartbleed.

  12. jonas’


  13. Zash

    𝐓𝐡𝐞𝐲 have a whole week to make one, no rush

  14. Zash

    Menel, myeah, is OpenSSL 3.x in any Stable™ distro yet?

  15. jonas’

    Zash, Ubuntu LTS

  16. jonas’

    Zash, Ubuntu LTS (22.04)

  17. Zash

    Ubuntu, of course.

  18. jonas’

    "good luck to them"