[00:36] <ItzSwirlz> sarnold: facts
=== amurray_ is now known as amurray
=== blahdeblah_ is now known as blahdeblah
[11:59] <rbasak> mdeslaur: I understand openssl Bionic SRUs are backed up. You might find https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1978093 useful though.
[11:59] <ubottu> Launchpad bug 1978093 in openssl (Ubuntu Bionic) "openssl: FTBFS due to expired certificates" [Undecided, New]
[12:00] <mdeslaur> rbasak: ah, thanks, I'll include those in the security update
[18:38] <hank> re: CVE-2021-33912: the broken date is still in the OVAL feeds: `curl -sSLf 'https://security-metadata.canonical.com/oval/com.ubuntu.focal.cve.oval.xml.bz2' | bzgrep '>unknown<'`
[18:38] <ubottu> libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site's e-mail infra... <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33912>
[18:50] <hank> ditto the other libspf2 advisory
[19:37] <sarnold> argh. :( thanks hank
=== jchittum_ is now known as jchittum