6 Oct 2024 |
Winter | yeah i don't like this... i'll write up something | 17:53:22 |
emily | i think we have decent consensus to not mark it right now at this point | 17:57:03 |
7 Oct 2024 |
9 Oct 2024 |
Nick Cao | firefox RCE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ | 14:12:28 |
Valodim | whew | 14:20:57 |
emily | @hexa:lossy.network | 14:30:23 |
hexa | cool. | 14:30:33 |
Vika Shleina (she/her) | In reply to @nickcao:nichi.co ("firefox RCE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/"): Is firefox-devedition (131.0b9) vulnerable? Not entirely familiar with Firefox versioning | 14:34:54 |
hexa | very likely | 14:35:09 |
hexa | https://github.com/NixOS/nixpkgs/pull/347500 | 14:38:25 |
Vika Shleina (she/her) | In reply to @hexa:lossy.network ("very likely"): There is apparently Firefox 132 beta. I could try my hand at bumping this. | 14:47:08 |
hexa | uh, I can push more to my branch | 14:47:22 |
hexa | ok, bumped | 14:51:20 |
Vika Shleina (she/her) | Thank you! 💖 | 14:51:39 |
hexa | the expensive thing is to test the stuff 🙂 | 14:52:06 |
hexa | ok, firefox is bumped, tested and backported | 18:13:40 |
hexa | I'm kicking the hydra jobsets next | 18:13:57 |
emily | [image: image.png] | 21:39:41 |
emily | all it needs is a stale bot response for the perfect GitHub comedy | 21:39:44 |
Fabián Heredia | https://x.com/vxunderground/status/1844122743727673366 Allegedly web.archive.org compromised | 22:35:58 |
Fabián Heredia | Currently appears to be only a defacement of the landing page | 22:36:10 |
emily | oh good | 22:37:06 |
Fabián Heredia | * plus a DDoS since yesterday | 22:38:13 |
emily | what do we think about https://github.com/NixOS/nixpkgs/pull/347601, give it a day or just merge now? | 23:02:02 |
emily | we should probably poke channels once we merge the Tor Browser etc. backports | 23:02:15 |
emily | so I'm inclined to slap the warning on now | 23:02:19 |
emily | and consider removal if they don't move fast | 23:02:27 |
emily | making the judgement call to merge, since it's an actively-exploited RCE | 23:08:03 |
emily | librewolf{,-bin} had update PRs from 3 weeks ago that nobody acted on | 23:12:51 |