!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

685 Members
Coordination and triage of security issues in nixpkgs214 Servers

Load older messages


SenderMessageTime
7 Jun 2021
@henson:matrix.orgHensonoops %s/postgres/postgresql/g13:59:12
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/126088 https://github.com/NixOS/nixpkgs/pull/12608916:15:49
@hexa:lossy.networkhexapossible remote code execution in isync/mbsync16:16:01
@sandro:supersandro.deSandro
In reply to @henson:matrix.org
Sandro: so if postgres_11 gets bumped from 11.11 to 11.12, then all packages that have postgres_11 in their closure have to get rebuilt, right?
yes
16:35:26
8 Jun 2021
@dualinverter:matrix.orgdualinverter left the room.08:41:37
@hexa:lossy.networkhexahttps://nvd.nist.gov/vuln/detail/CVE-2021-351411:13:42
@hexa:lossy.networkhexathe package looks unmaintained, only carried ahead by treewide changes, maybe a candidate for removal …11:14:05
@janne.hess:helsinki-systems.dedas_j389 was a Totgeburt imo (don't know an english term for that). I have never heard anyone use it11:31:58
@janne.hess:helsinki-systems.dedas_j * 389 was a Totgeburt imo (don't know an english term for that). I have never heard anyone use it. Only some considered switching but nobody really did11:32:18
@kranzes:matrix.orgkranzes joined the room.11:37:47
@hexa:lossy.networkhexastillborn/stillbirth11:37:56
@janne.hess:helsinki-systems.dedas_jyeah11:38:15
@linus.heckemann:matrix.mayflower.deLinux HackermanUnpleasant metaphor to use for it IMHO though.11:38:18
@hexa:lossy.networkhexaindeed11:38:22
@janne.hess:helsinki-systems.dedas_jyeah, I really didn't think about the actual meaning of it11:38:38
@janne.hess:helsinki-systems.dedas_j * yeah, I really didn't think about the actual meaning of it, sorry11:38:49
@pennae:matrix.eno.spacepennaethey do claim to run some of the biggets ldap installation in the world, whatever that claim is good for11:38:53
@hexa:lossy.networkhexa
dcb501f9932     Sandro Jäckel   Sun Mar 14 17:11:48 2021 +0100  kerberos: deprecate alias
c657b02df28     Frederik Rietdijk       Thu Mar 25 10:18:20 2021 +0100  _389-ds-base: use python3
9bb3fccb5b5     Jonathan Ringer Mon Jan 18 22:50:56 2021 -0800  treewide: pkgs.pkgconfig -> pkgs.pkg-config, move pkgconfig to alias.nix
872973d7d1a     Ben Siraphob    Fri Jan 15 14:07:56 2021 +0700  pkgs/servers: stdenv.lib -> lib
4a7f99d55d2     Profpatsch      Mon Jan 11 08:54:33 2021 +0100  treewide: with stdenv.lib; in meta -> with lib;
725f85e271b     Jörg Thalheim   Sat Dec 21 22:44:50 2019 +0000  net-snmp: rename from net_snmp
d0f75abb39e     Renaud  Tue May 21 11:09:31 2019 +0200  389-ds-base: 1.3.5.19 -> 1.3.9.1 (#61675)
b5c1deca8ad     Jörg Thalheim   Sat Jan 26 10:01:09 2019 +0000  treewide: remove wkennington as maintainer
52f53c69ce6     volth   Sat Jul 21 00:44:44 2018 +0000  pkgs/*: remove unreferenced function arguments
0fd461d5b5d     Tuomas Tynkkynen        Tue May 22 16:47:28 2018 +0300  db: Use more conventional outputs, also split bin
436c8fd2873     mimadrid        Thu Oct 26 23:42:06 2017 +0200  389-ds-base: fix homepage url
ed14223f8c3     John Ericson    Thu Sep 14 15:24:37 2017 -0400  treewide: Manual fix more pkg-config build-inputs
7120479e5b1     Tim Steinbach   Sun Aug 20 16:22:59 2017 -0400  389-ds-base: 1.3.5.17 -> 1.3.5.19
ef875a60c11     Graham Christensen      Sun Feb 5 16:40:28 2017 -0500   389-ds-base: 1.3.5.4 -> 1.3.5.15
14a3d2d2fff     Franz Pletz     Thu Nov 10 03:49:22 2016 +0100  389-ds-base: add patch to fix CVE-2016-5416
44134d52aed     Franz Pletz     Sat Sep 24 20:16:27 2016 +0200  389-ds-base: 1.3.3.9 -> 1.3.5.4
bd01fad0ed2     Bjørn Forsman   Mon Jun 20 12:53:46 2016 +0200  Captialize meta.description of all packages
4e0307dcfc4     Tuomas Tynkkynen        Sat Apr 16 19:48:19 2016 +0300  treewide: Make explicit that 'dev' output of cyrus_sasl is used
55d90c6bdbb     Robert Helgesson        Sun Apr 17 17:36:00 2016 +0200  389-ds-base: fix compilation
832aeb66f87     Eelco Dolstra   Mon Jun 1 21:33:51 2015 +0200   Revert "Fix krb5 reference"
9f0da5315b4     William A. Kennington III       Thu May 28 20:31:22 2015 -0700  Fix krb5 reference
93d6ac9a0c4     William A. Kennington III       Fri Apr 17 14:09:41 2015 -0700  389-ds-base: 1.3.3.5 -> 1.3.3.9
db62c43a45b     William A. Kennington III       Fri Jan 9 15:01:01 2015 -0800   389-ds-base: Fix perl scripts
fe9529ae3fe     William A. Kennington III       Fri Jan 9 11:05:12 2015 -0800   389-ds-base: Fix build
400cd62cfc8     William A. Kennington III       Tue Dec 30 09:30:15 2014 -0800  389-ds-base: Add derivation
11:40:24
@hexa:lossy.networkhexathere is also no module for it, and it is multiple versions behind as it hasn't been bumped in over two years11:40:56
@qyliss:fairydust.spaceAlyssa Rossmaybe, uh, link to the commits on GitHub next time? :) that message takes over my whole screen11:41:29
@hexa:lossy.networkhexaI could bump it now, but I have no inclination to test it :)11:41:33
@janne.hess:helsinki-systems.dedas_j we could remove it from master and add knownVulnerabilities to the 20.09 and 21.05 branch, maybe someone who uses it will fix it 11:41:56
@hexa:lossy.networkhexahad hoped the code blocks are limited and scrollable viewports11:41:59
@qyliss:fairydust.spaceAlyssa Rossnot in my client at least11:42:15
@hexa:lossy.networkhexaweechat-matrix?11:42:44
@qyliss:fairydust.spaceAlyssa Rossmhmm11:43:00
@hexa:lossy.networkhexayeah, there's not really a way to map viewports in a good way to weechat I guess11:43:21
@hexa:lossy.networkhexamaybe code blocks should be urls like pastebins11:43:47
@hexa:lossy.networkhexaRedacted or Malformed Event11:43:59
@qyliss:fairydust.spaceAlyssa RossI actually quite like actual code blocks rendering inline, but a commit log seemed a little silly11:44:09

There are no newer messages yet.


Back to Room ListRoom Version: 6