Hi Ge0rG, what was the last status of this security/cve extraction?
Wojtekhas left
xnamedhas joined
Steve Killehas left
Tim Rhas left
Kevhas left
Steve Killehas joined
Tim Rhas joined
Kevhas joined
Tim Rhas left
Tim Rhas joined
Kevhas left
Kevhas joined
belovehas joined
rubihas joined
atomicwatchhas left
mathijshas left
mathijshas joined
florettahas left
inkyhas left
inkyhas joined
mjkhas left
mjkhas joined
goffihas left
goffihas joined
catchyhas left
catchyhas joined
florettahas joined
intosihas left
inkyhas left
inkyhas joined
mjkhas left
intosihas joined
belovehas left
mjkhas joined
belovehas joined
inkyhas left
mjkhas left
inkyhas joined
mjkhas joined
mjkhas left
mjkhas joined
gooyahas left
gooyahas joined
eevvoorhas left
Steve Killehas left
mjkhas left
mjkhas joined
antranigvhas left
Steve Killehas joined
davidhas joined
davidhas left
mjkhas left
Ge0rG
emus: it was considered a bad marketing idea to have a central list of the xmpp shortcomings
Tim Rhas left
emus
Ah I remember. Well is it that much or is it that in general?
I mean, each software has that problems I believe?
Tim Rhas joined
emus
lets look at the others https://www.opencve.io/cve?vendor=matrix
Tim Rhas left
Tim Rhas joined
Tim Rhas left
Tim Rhas joined
Tim Rhas left
Tim Rhas joined
Tim Rhas left
Tim Rhas joined
Tim Rhas left
moparisthebest
There matrix is a vendor though, XMPP isn't and neither is the XSF
moparisthebest
ie https://www.opencve.io/cve?vendor=gajim
emus
https://www.opencve.io/cve?cvss=&search=xmpp
well yes, but you get an answer
mjkhas joined
Tim Rhas joined
Tim Rhas left
Tim Rhas joined
Tim Rhas left
resolihas left
sonnyhas left
sonnyhas joined
sonnyhas left
mjkhas left
sonnyhas joined
resolihas joined
sonnyhas left
sonnyhas joined
emus
> Ge0rG:
> 2022-09-28 05:46 (GMT+02:00)
> emus: it was considered a bad marketing idea to have a central list of the xmpp shortcomings
is that the general opinion around here?
emus
btw
neshtaxmpphas left
neshtaxmpphas joined
stphas left
konstantinoshas left
eevvoorhas joined
rubihas left
rubihas joined
resolihas left
papatutuwawahas left
Patigahas left
konstantinoshas joined
davidhas joined
davidhas left
konstantinoshas left
konstantinoshas joined
sonnyhas left
sonnyhas joined
eevvoorhas left
inkyhas left
belovehas left
belovehas joined
catchyhas left
catchyhas joined
MSavoritias (fae,ve)has left
MSavoritias (fae,ve)has joined
atomicwatchhas joined
Kevhas left
atomicwatchhas left
atomicwatchhas joined
inkyhas joined
sbachhas left
sbachhas joined
gooyahas left
gooyahas joined
resolihas joined
wladmishas left
wladmishas joined
atomicwatchhas left
atomicwatchhas joined
gooyahas left
gooyahas joined
resolihas left
Patigahas joined
resolihas joined
mathijshas left
mathijshas joined
kryptoshas joined
kryptoshas left
kryptoshas joined
kryptoshas left
kryptoshas joined
kryptoshas left
kryptoshas joined
kryptoshas left
Titihas left
kryptoshas joined
kryptoshas left
edhelashas left
edhelashas joined
intosihas left
stphas joined
kryptoshas joined
kryptoshas left
catchyhas left
neshtaxmpphas left
neshtaxmpphas joined
Tim Rhas joined
MSavoritias (fae,ve)has left
MSavoritias (fae,ve)has joined
atomicwatchhas left
papatutuwawahas joined
belovehas left
kryptoshas joined
kryptoshas left
davidhas joined
davidhas left
Maxencehas left
belovehas joined
kryptoshas joined
kryptoshas left
djorzhas joined
kryptoshas joined
kryptoshas left
Paganinihas joined
kryptoshas joined
kryptoshas left
atomicwatchhas joined
pablohas joined
goffihas left
goffihas joined
djorzhas left
LNJhas left
kryptoshas joined
kryptoshas left
kryptoshas joined
kryptoshas left
kryptoshas joined
kryptoshas left
kryptoshas joined
kryptoshas left
LNJhas joined
Titihas joined
p42ityhas left
kryptoshas joined
kryptoshas left
pablohas left
kryptoshas joined
kryptoshas left
davidhas joined
davidhas left
kryptoshas joined
kryptoshas left
belovehas left
atomicwatchhas left
djorzhas joined
belovehas joined
kryptoshas joined
kryptoshas left
Tobiashas left
Tobiashas joined
atomicwatchhas joined
belovehas left
Andrzejhas left
belovehas joined
Tobiashas left
Tobiashas joined
Yagizahas left
kryptoshas joined
kryptoshas left
Tobiashas left
Tobiashas joined
pasdesushihas joined
stphas left
Tobiashas left
Tobiashas joined
kryptoshas joined
kryptoshas left
belovehas left
kryptoshas joined
kryptoshas left
BASSGODhas left
belovehas joined
Tobiashas left
Tobiashas joined
BASSGODhas joined
resolihas left
Tobiashas left
Tobiashas joined
kryptoshas joined
kryptoshas left
MSavoritias (fae,ve)
I could see it in only the context of maybe server operators.
But then i think there are better sources for that.
me9has joined
davidhas joined
davidhas left
moparisthebest
emus: does IETF have a list of CVEs related to RFCs ?
moparisthebest
I think if they don't then we shouldn't
ralphmhas left
stphas joined
inkyhas left
kryptoshas joined
kryptoshas left
kryptoshas joined
kryptoshas left
kryptoshas joined
kryptoshas left
inkyhas joined
karoshihas left
ralphmhas joined
davidhas joined
davidhas left
goffihas left
belovehas left
emus
Maybe they should if they don't have
kryptoshas joined
kryptoshas left
karoshihas joined
belovehas joined
kryptoshas joined
kryptoshas left
kryptoshas joined
kryptoshas left
kryptoshas joined
kryptoshas left
kryptoshas joined
moparisthebest
Good then we should wait for them to do it then just filter the ones from the XMPP RFC :)
daagshas left
daagshas joined
moparisthebest
> "Malicious key backup" – the above 'trusted impersonation' bug in matrix-js-sdk (and derived SDKs) could be used by a malicious homeserver admin to add a malicious key backup to the user's account under certain unusual conditions in order to exfiltrate message keys.
MattJ
I don't think the IETF is a fair analogy. The XSF has always been more about the ecosystem and implementations than the IETF (I mean, it used to be called the Jabber *Software* Foundation). It is also much narrower in scope.
moparisthebest
Wow @ matrix, it's not a protocol bug, it's just e2e that allows your server admin to request a copy of your keys
moparisthebest
This is an argument against OX style key sharing by the way