/srv/irclogs.ubuntu.com/2025/02/14/#ubuntu-security.txt

lunais the podcast on hold, not been any episodes this year?08:03
tewardmdeslaur: sbeattie: re: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1977718 i doubt CVEs have been issued because its a third party repo not part of main NGINX sources (so no CVE issuing authority directly auditing it)15:27
-ubottu:#ubuntu-security- Launchpad bug 1977718 in nginx (Ubuntu) "buffer overflow in nginx rtmp module" [Undecided, Confirmed]15:27
mdeslaurteward: if you want to fix it, we can sponsor debdiffs15:27
tewardmdeslaur: lemme do due diligence first - gotta make sure this is fixed in Debian ;)15:28
mdeslaurthe modules were removed in recent nginx packages so it's just focal and jammy afaik15:29
tewardmdeslaur: modules in Debian were moved to extra source packages15:29
tewardso still wanna make sure tbey're fixed in Debian15:29
tewardhuge restructure of nginx packaging happened in Debian xD15:29
tewardbut i'll get debdiffs15:30
teward... as soon as I figure out where the hell my laptop charger is15:30
mdeslaurhehe cool15:31
tewardmdeslaur: since i'm not in front of my computer can you assign relevant series tasks to ta15:37
tewardthat bug*15:37
tewardso, focal and jammy.15:37
mdeslaursure15:38
tewardmdeslaur: debdiffs attached. unfortunately since it's not quilt patches since it's inside debian/modules/... folder it looks a little weird but let me know if the debdiffs are sufficient or not18:49
tewardand feel free to have your way with them :018:49
teward*goes to get another coffee*18:49
tewardalso apologies i had to do some actual Work today xD18:49
tewardso i got pulled away for a bit18:49
tewardunrelated: i'm enjoying messing around with a new framework 16 laptop so yay :P18:51
mdeslauroh, that' cool18:52
mdeslaurthanks for the debdiffs, I'll take a look next week18:52
tewardmdeslaur: since Ubuntu can assign CVE numbers, do you want to go and assign such CVEs to these two incidents, or do you just want to say "screw it" and patch without CVE numbers?18:53
tewardand ye no problem and no rush :)18:53
tewards/Ubuntu can assign/Ubuntu Security team can assign/18:53
mdeslaurI don't think we can assign CVEs to public issues like that18:54
mdeslaursarnold: ^18:54
tewardoh good i've officially gotten us to ping sarnold18:54
tewardsarnold: speaking of you, how goes that mailman3 MIR?  :P18:55
teward(me literally just dredging up reasons for sarnold to tell me to go to heck xD)18:55
tewardmdeslaur: ultimately, whether it has a CVE or not, it's inclusion-worthy for Security updates, so even without a CVE we can indicate these issues were identified and fixed upstream in any USN or such18:57
mdeslaurwe can release a usn with a bug number18:58
tewardcheck :D18:58

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!