Excerpts from Landry Breuil's message of September 10, 2022 4:59 pm: > here's a diff to update nheko and its deps, seems to work fine here in > basic testing. havent tested other olm consumers but the changelog isnt > scary: > https://gitlab.matrix.org/matrix-org/olm/-/blob/master/CHANGELOG.rst
Thanks a lot for patching olm, which I just wanted to address myself. The current version 3.2.6 is vulnerable to a known buffer overflow[0] which got fixed in 3.2.8. I have successfully tested the updated olm package against its Python library. The other changes I have not checked. This might be a bit nit-picky, but the comment next to the SHARED_LIBS version should also be bumped to 3.2.12. [0] https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk