NixOS Security Discussions

363 Members
Discussions around Security | Triaging happens in #security:nixos.org
126 Servers

Sender | Message | Time
9 Oct 2024
@nickcao:nichi.co Nick Cao | firefox RCE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ | 14:12:28
@Valodim:stratum0.org Valodim | whew | 14:20:57
@emilazy:matrix.org emily | @hexa:lossy.network | 14:30:23
@hexa:lossy.network hexa | cool. | 14:30:33
@vsh:nyantec.com Vika Shleina (she/her)
In reply to @nickcao:nichi.co
firefox RCE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
Is firefox-devedition (131.0b9) vulnerable? Not entirely familiar with Firefox versioning
14:34:54
@hexa:lossy.network hexa | very likely | 14:35:09
@hexa:lossy.network hexa | https://github.com/NixOS/nixpkgs/pull/347500 | 14:38:25
@vsh:nyantec.com Vika Shleina (she/her)
In reply to @hexa:lossy.network
very likely
There is apparently Firefox 132 beta. I could try my hand at bumping this.
14:47:08
@hexa:lossy.network hexa | uh, I can push more to my branch | 14:47:22
@hexa:lossy.network hexa | ok, bumped | 14:51:20
@vsh:nyantec.com Vika Shleina (she/her) | Thank you! 💖 | 14:51:39
@hexa:lossy.network hexa | the expensive thing is to test the stuff 🙂 | 14:52:06
@hexa:lossy.network hexa | ok, firefox is bumped, tested and backported | 18:13:40
@hexa:lossy.network hexa | I'm kicking the hydra jobsets next | 18:13:57
@emilazy:matrix.org emily | image.png | 21:39:41
@emilazy:matrix.org emily | all it needs is a stale bot response for the perfect GitHub comedy | 21:39:44
@fabianhjr:matrix.org Fabián Heredia | https://x.com/vxunderground/status/1844122743727673366 Allegedly web.archive.org compromised | 22:35:58
@fabianhjr:matrix.org Fabián Heredia | Currently appears to be only a defacement of the landing page | 22:36:10
@emilazy:matrix.org emily | oh good | 22:37:06
@fabianhjr:matrix.org Fabián Heredia | • DDoS | 22:37:57
@fabianhjr:matrix.org Fabián Heredia | * plus a DDoS since yesterday | 22:38:13
@emilazy:matrix.org emily | what do we think about https://github.com/NixOS/nixpkgs/pull/347601, give it a day or just merge now? | 23:02:02
@emilazy:matrix.org emily | we should probably poke channels once we merge the Tor Browser etc. backports | 23:02:15
@emilazy:matrix.org emily | so I'm inclined to slap the warning on now | 23:02:19
@emilazy:matrix.org emily | and consider removal if they don't move fast | 23:02:27
@emilazy:matrix.org emily | making the judgement call to merge, since it's an actively-exploited RCE | 23:08:03
@emilazy:matrix.org emily | librewolf{,-bin} had update PRs from 3 weeks ago that nobody acted on | 23:12:51
@emilazy:matrix.org emily | thankfully not security | 23:13:16
@fabianhjr:matrix.org Fabián Heredia
In reply to @fabianhjr:matrix.org
https://x.com/vxunderground/status/1844122743727673366

Allegedly web.archive.org compromised

Update: vx-underground claims data breach impacting user data

https://x.com/vxunderground/status/1844158531210973555

23:42:58
@fabianhjr:matrix.org Fabián Heredia | also lol if true on the motivation of the DDoS. XD | 23:44:28
