Gajim - 2024-01-26

resoli 10:46:18
Hello Gajim folks.
resoli 10:47:40
I administer a gitlab instanc at work, and I have just upgraded to `v16.8.1` because of https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
resoli 10:48:20
I note that https://dev.gajim.org i still on `v16.7.2`which is vulnerable
resoli 10:49:04
Today I tried to access https://salsa.debian.org and it doen't seem in good shape ...
resoli 11:12:21
~~Ok, seems debian already repaired 💪️~~ ✎
resoli 11:12:34
Ok, seems debian already repaired salsa ... 💪️ ✏
resoli 11:33:30
Maybe they were simply upgrading this morning, now they are on `v16.5.8` ( *not* vulnerable )
cal0pteryx 13:34:01
asterix ^
lovetox 18:09:22
resoli, v16.7.2 is from Jan 11, 2024
lovetox 18:10:15
we update regulary, but not weekly :D
cal0pteryx 18:27:56
Bus this one has a CVE of 9.9 :D
resoli 20:04:20
lovetox: Same for me, I updated last week or so, but as cal0pteryx suggests, this is a special case.
resoli 20:06:40
https://www.bleepingcomputer.com/news/security/over-5-300-gitlab-servers-exposed-to-zero-click-account-takeover-attacks/
resoli 20:09:03
~~And this is reporting about former vulnerability, not latest one ...~~ ✎
resoli 20:11:22
This is reporting about former vulnerability, ~not~ *and* latest one ... ✏
resoli 20:12:31
And this is reporting about former vulnerability, not latest one ... ✏
resoli 20:17:07
https://nvd.nist.gov/vuln/detail/CVE-2024-0402