XMPP Service Operators - 2022-10-25

  1. Licaon_Kter

    PSA: https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/

  2. moparisthebest

    Hold onto your butts, should be released within the hour: > OpenSSL 3.0.7 is a security-fix release. The highest severity issue fixed in this release is CRITICAL

  3. Zash

    > This release will be made available on Tuesday 1st November 2022 between 1300-1700 UTC.

  4. Menel

    A point for debian with its old version... Did exactly what they try to achieve..

  5. Licaon_Kter

    Menel: which versions are affected

  6. Licaon_Kter

    Menel: which versions are affected?

  7. moparisthebest

    Last critical was heartbleed by the way, sleep well!

  8. Menel

    Since they write only about 3.0.7, I assume its about 3xx. Not the first time... We'll see

  9. moparisthebest

    ah yes, next tuesday, not today, how did I read that wrong...

  10. jonas’

    rumor has it that there exists no known exploit yet, at least.

  11. jonas’

    so it's not as terrible as heartbleed.

  12. jonas’

    (probably™)

  13. Zash

    𝐓𝐡𝐞𝐲 have a whole week to make one, no rush

  14. Zash

    Menel, myeah, is OpenSSL 3.x in any Stable™ distro yet?

  15. jonas’

    Zash, Ubuntu LTS

  16. jonas’

    Zash, Ubuntu LTS (22.04)

  17. Zash

    Ubuntu, of course.

  18. jonas’

    "good luck to them"