meeting notes: 2024-08-07

haskell · Aug 7, 2024 · 2f34d8d · 2f34d8d
1 parent 37a07b3
commit 2f34d8d
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/meeting-notes/2024-08-07.md b/meeting-notes/2024-08-07.md
@@ -0,0 +1,30 @@
+# SRT meeting 2024-08-07
+
+Previously:
+https://github.com/haskell/security-advisories/blob/main/meeting-notes/2024-07-24.md
+
+## Embargoed vulnerability work
+
+We contacted the affected maintainers and we are coordinating the disclosure.
+
+## haskell.org crlf injection vulnerability
+
+Divya Singh reported a vulnerability on the haskell.org website that has been fixed by upgrading the apache package.
+
+## CVSS version 4.0 [#208](https://github.com/haskell/security-advisories/pull/208)
+
+@unorsk added support for the latest Common Vulnerability Scoring System.
+
+## haskell.org blog and security advisories
+
+We discussed about posting security update news to the upcoming haskell.org blog.
+
+## Call for Volunteers
+
+The draft is still in progress.
+
+## GitHub Action cabal-audit scan
+
+* Gautier has start to work on a [GitHub Action](https://github.com/blackheaven/haskell-security-action) which aims to run `cabal audit`
+* Still under development, most of the code is done (i.e. push results to the security section of the repository)
+* Packaging issues mainly for the moment