
rare-dev - [rare-dev] bulk upgrade of the rare packages

Subject: Rare project developers

  • From: mc36 <>
  • To: Alexander Gall <>
  • Cc: Xavier Jeannin <>, "" <>
  • Subject: [rare-dev] bulk upgrade of the rare packages
  • Date: Fri, 22 Jul 2022 08:35:08 +0200

hi,
a lot changed since the release got packages frozen about 2 years ago...
the debian kernel we ship has had 2 cves in the past month, one is a local root
exploit,
the latest simply hard-freezes the box (on poz-onl, type
/home/rare/CVE-2022-34918/poc)
the jvm we're shipping also had several cves, one accepts empty ec signatures
as valid
(CVE-2022-21449), rendering such signatures hackable...
in the meanwhile, xavier's secops team is examining the images we produced...
all this points in one direction, it's time to plan for a regular bump of the
packages we ship....
thanks,
cs


