| 20 Oct 2023 |
 Lun | Recent zlib CVE, don't know if this needs patched quickly
https://nvd.nist.gov/vuln/detail/CVE-2023-45853 https://github.com/madler/zlib/pull/843 | 00:13:19 |
|  @ninjatrappeur:alternativebit.fr changed their display name from NinjaTrappeur to PicNoir (was Ninjatrappeur). | 10:33:36 |
|  @julian:nekover.se changed their display name from Julian to miau. | 15:05:16 |
| @julian:nekover.se changed their display name from miau to Julian. | 15:07:31 |
| 21 Oct 2023 |
|  pbsds joined the room. | 10:17:11 |
|  Mikael Fangel changed their display name from rwx-rwx-rwx to Mikael Fangel. | 17:15:39 |
| Mikael Fangel set a profile picture. | 17:22:09 |
| 22 Oct 2023 |
 tgerbet | In reply to @lt1379:matrix.org
Recent zlib CVE, don't know if this needs patched quickly
https://nvd.nist.gov/vuln/detail/CVE-2023-45853 https://github.com/madler/zlib/pull/843 It only impacts minizip and not zlib itself
https://github.com/NixOS/nixpkgs/pull/262722
| 11:19:25 |
|  globin joined the room. | 20:01:57 |
| 23 Oct 2023 |
|  SomeoneSerge (matrix works sometimes) changed their display name from Someone (UTC+3) to SomeoneSerge (UTC+1). | 09:09:21 |
|  globin left the room. | 09:49:04 |
| globin set a profile picture. | 14:27:40 |
| 24 Oct 2023 |
 hexa | working on openssl | 14:03:43 |
| hexa |
Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)
| 14:07:36 |
| hexa | https://github.com/openssl/openssl/blob/openssl-3.0.12/NEWS.md#major-changes-between-openssl-3011-and-openssl-3012-24-oct-2023 | 14:07:41 |
 K900 | That doesn't look too bad at least | 14:08:04 |
| hexa | https://github.com/NixOS/nixpkgs/pull/263150 | 14:14:26 |
| hexa |
Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length (CVE-2023-5363).
| 14:20:20 |
| hexa | now with more words! | 14:20:24 |
 @mtheil:scs.ems.host | hexa: Do you also open a PR for 23.05 or can I? | 14:43:56 |
| hexa | hrm, backport action won't do it, because of openssl_3_1 | 14:44:53 |
| @mtheil:scs.ems.host | yep | 14:44:58 |
| hexa | make sure to cherry-pick with -x | 14:45:08 |
| hexa | and make sure to change hash back to sha256 | 14:45:22 |
| hexa | we're not in a hurry really, because staging-next will likely go first | 14:46:55 |
| @mtheil:scs.ems.host | ok | 14:51:42 |
| hexa | and if the version that goes into staging changes, you'll need to update the reference 😛 | 14:55:06 |
| @mtheil:scs.ems.host | Sry, overlooked the target branch :( | 14:56:09 |
| @mtheil:scs.ems.host | In reply to @hexa:lossy.network
and if the version that goes into staging changes, you'll need to update the reference 😛 I'll wait for it. Thanks for the fast close 😅 | 14:59:19 |
| 25 Oct 2023 |
|  @federicodschonborn:matrix.org changed their profile picture. | 00:13:15 |
