#cve


#libsoup #cve is marked as insecure, and #bambu-studio depends on libsoup, which is the reason I can't build my #nixos

It just takes me too long to find this.
Is there a faster way to see which packages the config depends on?

nix why-depends?

Just got slotted in for BSidesLV to talk about (you guessed it) #CVE:

bsideslv.org/talks#what-should

Hang out with me and the gang on Tuesday at 13:00.

And of course keep an eye on all of @runZeroInc's other Vegas haps:

runzero.com/summer-camp-2025/ . We're freakin' everywhere this year.


In the scope of GCVE and @circl we couldn't find a practical, publicly available, and accessible document that outlines best practices for vulnerability handling and disclosure.

So we created a new one, released under an open-source license, to which everyone can freely contribute.

PDF: gcve.eu/files/bcp/gcve-bcp-02.
HTML: gcve.eu/bcp/gcve-bcp-02/
Contributing: github.com/gcve-eu/gcve.eu/blo

I love the @github Security Advisory Database because they actually preserve the data from rejected advisories including the original information and the reason for rejection.

It’s clearly much more insightful than just having a bare ID marked as "rejected."

You can easily spot this in vulnerability-lookup: vulnerability.circl.lu/vuln/cv

Yet another great example of why having diverse sources for vulnerability data matters.

Unbound 1.23.1 is now available. This security release fixes the Rebirthday Attack CVE-2025-5994.

The vulnerability re-opens #DNS resolvers to a birthday paradox, for EDNS client subnet servers that respond with non-ECS answers. The #CVE is described here:
nlnetlabs.nl/downloads/unbound

We would like to thank Xiang Li (AOSP Lab, Nankai University) for discovering and responsibly disclosing the vulnerability.
github.com/NLnetLabs/unbound/r

Just published a proof-of-concept exploit for CVE-2025-32463, a new Linux privilege escalation vulnerability affecting sudo discovered and disclosed by Stratascale about 2 weeks ago.

The PoC is available on GitHub. A full technical writeup will be published on my blog soon.

GitHub: github.com/morgenm/sudo-chroot
