Security
Tag · Active · Public

Members

  • This project does not have any members.

Properties

Description

Security

Recent Activity

Tue, Oct 17

baimafeima added a comment to T4785: CVE in WPA(2) (wpa_supplicant).
Tue, Oct 17, 12:47 PM · Upstream Issue, Security

Mon, Oct 16

ikey added a comment to T4785: CVE in WPA(2) (wpa_supplicant).

This issue is now addressed in:

Mon, Oct 16, 4:30 PM · Upstream Issue, Security
ikey changed the visibility for T4785: CVE in WPA(2) (wpa_supplicant).
Mon, Oct 16, 4:18 PM · Upstream Issue, Security
ikey closed T4785: CVE in WPA(2) (wpa_supplicant) as "Resolved" by committing R3179:778097c3ba71: Update wpa_supplicant to 2.6, patch upstream CVEs.
Mon, Oct 16, 4:18 PM · Upstream Issue, Security
ikey changed the status of T4785: CVE in WPA(2) (wpa_supplicant) from "Open" to "In Progress".
Mon, Oct 16, 4:10 PM · Upstream Issue, Security
ikey changed the visibility for T4785: CVE in WPA(2) (wpa_supplicant).
Mon, Oct 16, 2:18 PM · Upstream Issue, Security
kyentei edited the description of T4785: CVE in WPA(2) (wpa_supplicant).
Mon, Oct 16, 1:48 PM · Upstream Issue, Security
kyentei edited the description of T4785: CVE in WPA(2) (wpa_supplicant).
Mon, Oct 16, 1:48 PM · Upstream Issue, Security
kyentei created T4785: CVE in WPA(2) (wpa_supplicant).
Mon, Oct 16, 1:46 PM · Upstream Issue, Security

Sat, Oct 14

Herald added a reviewer for D1210: Update lame to 3.100 to address multiple CVEs: Triage Team.
Sat, Oct 14, 5:58 PM · Security

Fri, Oct 13

kyrios123 abandoned D1200: Address CVE-2017-12852.

already fixed in this version

Fri, Oct 13, 10:56 AM · Security

Thu, Oct 12

Herald added a reviewer for D1200: Address CVE-2017-12852: Triage Team.
Thu, Oct 12, 10:22 PM · Security

Wed, Oct 11

Herald added a reviewer for D1196: Address CVE-2017-2887: Triage Team.
Wed, Oct 11, 9:50 PM · Security
kyrios123 added a project to D1195: Address CVE-2017-13720 and CVE-2017-13720: Security.

Note: Changes in the ABI symbols aren't caused by the patches

Wed, Oct 11, 9:22 PM · Security
ikey added a comment to T4730: Disable Bluetooth by default.

Or just turn off bluetooth by clicking the icon in the tray - which is something you can already do. We're not a security distro like Kali, and we're not a privacy distro like Tails. We're Solus. Let's keep our eyes on the prize, please.

Wed, Oct 11, 3:30 PM · Security, Platform Integration
baimafeima added a comment to T4730: Disable Bluetooth by default.

I was actually just about to write about USB. There are users who prefer auto-mounting, others prefer to do this manually, and again others prefer the option to block all USB ports. Here's a thought: What about introducing a Budgie security/privacy widget with different modes to switch between? Such modes could range from a total lockdown of the computer to an essentially open system and the user could choose under which mode to run the system.

Wed, Oct 11, 3:26 PM · Security, Platform Integration
ikey added a comment to T4730: Disable Bluetooth by default.

Your rationale makes no sense - in this case we should also block USB because of the potential. Gimping the out of the box experience so stuff doesn't work because "that one time it had a CVE" - and making the system worse for the user pretty much goes against everything that makes Solus what it is.

Wed, Oct 11, 3:14 PM · Security, Platform Integration
baimafeima added a comment to T4730: Disable Bluetooth by default.

I still think bluetooth should be deactivated by default. You also don't let water run because you eventually take a shower at the end of the day. It's usually turned on when needed and should stay off when it isn't. Obviously display server and kernel are components which you cannot turn off if you want to use your system. Thanks for pointing to SSP and ASLR, wish this were documented somewhere in the help center under security though.

Wed, Oct 11, 3:03 PM · Security, Platform Integration
ikey closed T4730: Disable Bluetooth by default as "Invalid".

In that case let's disable the display server too - because we've had loads of CVEs there. Or the kernel - had tons of CVEs there :P

Wed, Oct 11, 1:45 PM · Security, Platform Integration
baimafeima created T4730: Disable Bluetooth by default.
Wed, Oct 11, 9:19 AM · Security, Platform Integration
Herald added a reviewer for D1189: Update wireshark to 2.4.2 to address multiple CVEs: Triage Team.
Wed, Oct 11, 8:40 AM · Security

Mon, Oct 9

kyrios123 requested review of D1156: Update openjpeg to 2.3.0.

Indeed, I ran it against 2.3.0.
So actually it's ready to land then?

Mon, Oct 9, 1:36 PM · Security, Patch Submission
sunnyflunk added a comment to D1156: Update openjpeg to 2.3.0.

There were a number of CVEs for 2.2.0 (your flaw is running cvecheck on the 2.3.0 package.yml, where there aren't any CVEs against 2.3.0).

Mon, Oct 9, 1:00 PM · Security, Patch Submission
JoshStrobl added a comment to D1156: Update openjpeg to 2.3.0.

You are doing that against 2.2.0, right?

Mon, Oct 9, 12:49 PM · Security, Patch Submission
kyrios123 added a comment to D1156: Update openjpeg to 2.3.0.

I don't know if I missed something, but the cve report is empty...

Mon, Oct 9, 12:34 PM · Security, Patch Submission
JoshStrobl requested changes to D1156: Update openjpeg to 2.3.0.

there are certainly some CVE fixes but they didn't mention anything in their changelog

Mon, Oct 9, 12:28 PM · Security, Patch Submission
JoshStrobl closed D1137: Update python-bleach to 2.1.1 by committing R3708:4c5006ce4c2f: Update python-bleach to 2.1.1 (authored by EP01).
Mon, Oct 9, 11:58 AM · Security
JoshStrobl accepted D1137: Update python-bleach to 2.1.1.
Mon, Oct 9, 11:58 AM · Security

Fri, Oct 6

ikey closed D730: Update faad to 2.8.3 & convert to package.yml by committing R729:5cd67fa80eb2: Update faad to 2.8.3 & convert to package.yml (authored by kyrios123).
Fri, Oct 6, 4:08 PM · Security
ikey accepted D730: Update faad to 2.8.3 & convert to package.yml.

LGTM - nixed the long test plan (good to have them, doesn't always need to be in the index)

Fri, Oct 6, 4:08 PM · Security
ikey updated the test plan for D730: Update faad to 2.8.3 & convert to package.yml.
Fri, Oct 6, 4:07 PM · Security
ikey closed D1159: Update kerberos 5 to 1.15.2 to address CVE-2017-11368 and CVE-2017-11462 by committing R1545:fe4b8164973c: Update kerberos 5 to 1.15.2 to address CVE-2017-11368 and CVE-2017-11462 (authored by kyrios123).
Fri, Oct 6, 3:59 PM · Security
ikey accepted D1159: Update kerberos 5 to 1.15.2 to address CVE-2017-11368 and CVE-2017-11462.

LGTM

Fri, Oct 6, 3:59 PM · Security
ikey updated the test plan for D1159: Update kerberos 5 to 1.15.2 to address CVE-2017-11368 and CVE-2017-11462.
Fri, Oct 6, 3:59 PM · Security
Herald added a reviewer for D1159: Update kerberos 5 to 1.15.2 to address CVE-2017-11368 and CVE-2017-11462: Triage Team.
Fri, Oct 6, 10:59 AM · Security

Wed, Oct 4

kyrios123 closed D1148: Update curl to 7.56.0 to address CVE-2017-1000254 by committing R578:517df7b7d872: Update curl to 7.56.0 to address CVE-2017-1000254.
Wed, Oct 4, 3:19 PM · Security, Patch Submission
kyrios123 added a project to D1148: Update curl to 7.56.0 to address CVE-2017-1000254: Security.
Wed, Oct 4, 3:11 PM · Security, Patch Submission

Tue, Oct 3

EP01 added a project to D1137: Update python-bleach to 2.1.1: Security.
Tue, Oct 3, 7:46 AM · Security

Thu, Sep 28

sunnyflunk closed D1095: Update numpy to 1.13.2 by committing R2189:fd6561cdab11: Update numpy to 1.13.2 (authored by EP01).
Thu, Sep 28, 12:20 AM · Security
sunnyflunk accepted D1095: Update numpy to 1.13.2.

LGTM, thanks

Thu, Sep 28, 12:19 AM · Security

Wed, Sep 27

EP01 added a project to D1095: Update numpy to 1.13.2: Security.
Wed, Sep 27, 8:54 PM · Security
kyrios123 updated the diff for D730: Update faad to 2.8.3 & convert to package.yml.

bump to 2.8.3

Wed, Sep 27, 8:52 PM · Security

Tue, Sep 26

kyrios123 added a project to D299: Update perl to 5.26.1 to address multiple CVEs: Security.
Tue, Sep 26, 7:02 PM · Security, Requires Rebuilds, Patch Submission
kyrios123 closed D1077: Update imagemagick to 7.0.7-4 to address CVE-2017-14741 by committing R1464:7ae05c68d1da: Update imagemagick to 7.0.7-4 to address CVE-2017-14741.
Tue, Sep 26, 1:34 PM · Security, Patch Submission
kyrios123 added a project to D1077: Update imagemagick to 7.0.7-4 to address CVE-2017-14741: Security.
Tue, Sep 26, 1:33 PM · Security, Patch Submission
kyrios123 closed D1089: Update openvpn to 2.4.4 to address CVE-2017-12166 by committing R2261:919695afbd98: Update openvpn to 2.4.4 to address CVE-2017-12166.
Tue, Sep 26, 7:58 AM · Patch Submission, Security
sunnyflunk accepted D1089: Update openvpn to 2.4.4 to address CVE-2017-12166.
Tue, Sep 26, 7:55 AM · Patch Submission, Security
Herald added a reviewer for D1089: Update openvpn to 2.4.4 to address CVE-2017-12166: Triage Team.
Tue, Sep 26, 7:47 AM · Patch Submission, Security

Mon, Sep 25

kyrios123 closed D1045: Update samba to 4.6.8 to address 3 CVEs by committing R2842:c39954c6d49b: Update samba to 4.6.8 to address 3 CVEs.
Mon, Sep 25, 4:59 PM · Security
kyrios123 updated the diff for D1045: Update samba to 4.6.8 to address 3 CVEs.

use %libdir% for cups and tmpfiles.d paths

Mon, Sep 25, 4:58 PM · Security