Saturday, March 30, 2024
dev@conference.yunohost.org

[03:01:27] <@rosbeefandino:3cmr.fr> anyone understand that? liblzma has a backdoor; see https://tracker.debian.org/pkg/xz-utils and https://www.openwall.com/lists/oss-security/2024/03/29/4
[03:01:41] <@rosbeefandino:3cmr.fr> ok.
[03:01:41] <Bram> we discussed it on https://matrix.to/#/!PauySEslPVuJCJCwlZ:matrix.org/$NOB5O1A2MOufjTxAy4NmlOwS3KhtYif2ThhU4H1KLmE?via=matrix.org&via=aria-net.org&via=sans-nuage.fr
[03:01:42] <Bram> but tl;dr: the reverse of the incriminated code hasn't been completely done yet so we don't know exactly what is happening
[03:06:37] <@rosbeefandino:3cmr.fr> thanks
[12:01:32] <Yunohost Git/Infra notifications> Salamandar edited repository ynh-dev: Dev environement wrapper, based on Incus, to develop on YunoHost https://github.com/YunoHost/ynh-dev
[12:01:33] <Yunohost Git/Infra notifications> Salamandar edited repository ynh-dev: Dev environement wrapper, based on Incus, to develop on YunoHost https://github.com/YunoHost/ynh-dev
[12:02:41] <Salamandar> > <@Bram_:matrix.org> but tl;dr: the reverse of the incriminated code hasn't been completely done yet so we don't know exactly what is happening

Yeah but basically it overrides the "decrypt and check the private ssh key" function of sshd to, very probably, accept the attacker's own ssh key
[12:10:50] <emile> hola 👋
[12:11:13] <emile> I got something weird when I try to add an email forward:
error: Invalid argument 'mail': Must be a valid e-mail address, without '+' symbol (e.g. someone@example.com)
[12:12:22] <emile> I think this is not what we expect :) the email validator is too restrictive here
[13:24:35] <emile> \+ is missing on line 21, I think it's a miss compared to line 25 https://github.com/YunoHost/yunohost-admin/blob/e1b2630138401e398143d4d7756174e05832bbe1/app/src/helpers/validators/customValidators.js#L21-L26
[14:55:19] <Bram> axolotle: ^
[14:56:36] <Bram> https://forum.yunohost.org/t/impact-of-the-two-recent-security-vulnerabilities-on-yunohost/29133
[15:40:32] <Émy - OniriCorpe> > \+ is missing on line 21, I think it's a miss compared to line 25 https://github.com/YunoHost/yunohost-admin/blob/e1b2630138401e398143d4d7756174e05832bbe1/app/src/helpers/validators/customValidators.js#L21-L26

If you can, a PR would be greatly appreciated ^w^