=== amurray_ is now known as amurray
=== TheMaster is now known as Unit193
=== Voeid7 is now known as Voeid
=== arif-ali_ is now known as arif-ali
=== cpaelzer_ is now known as cpaelzer
[15:53] <mainek00n> The upstream package statuses do not seem to meet the format(`<release>_<source-package>: <status> (<version/notes>)`), what should these statuses be set to?
[15:53] <mainek00n> https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-33503
[15:53] <mainek00n> https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-0085
[15:53] <mainek00n> https://git.launchpad.net/ubuntu-cve-tracker/tree/retired/CVE-2021-28363
[15:53] <ubottu> An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503>
[15:53] <ubottu> Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0085>
[15:53] <ubottu> The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContex... <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28363>
[16:26] <sarnold> mainek00n: probably 'released (version)' if they actualy released a fixed version
[16:33] <mainek00n> Is there a plan to set the appropriate status by the security team?
=== Serge_ is now known as hallyn