!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

689 Members
Coordination and triage of security issues in nixpkgs216 Servers

Load older messages


SenderMessageTime
21 Jun 2021
@janne.hess:helsinki-systems.dedas_j I think ajs124 is currently on it 13:07:24
@hexa:lossy.networkhexaI hope he knows that as well13:07:49
@janne.hess:helsinki-systems.dedas_jHe told me so - so he might know but who am I to tell13:08:53
@robert:funklause.dedotlambda In pigeonhole, the following was fixed: CVE-2020-28200: Sieve excessive resource usage. But I'm not sure version 0.5.15 can be used with earlier versions of Dovecot, so what do we do on stable? 13:12:46
@andreas.schraegle:helsinki-systems.deajs124 dotlambda: backport? 13:18:13
@andreas.schraegle:helsinki-systems.deajs124there's also 2.3.14.1, maybe that works with the new dovecot?13:18:24
@andreas.schraegle:helsinki-systems.deajs124 * there's also 2.3.14.1, maybe that works with the new pigeonhole?13:18:28
@robert:funklause.dedotlambdaI'm gonna ask on IRC13:18:37
@andreas.schraegle:helsinki-systems.deajs124https://github.com/NixOS/nixpkgs/pull/12766713:24:27
@andreas.schraegle:helsinki-systems.deajs124 andi-: aren't you a dovecot user? if so, do you maybe have some time to review ⬆️? 14:37:45
@andi:kack.itandi-I can't test right now. Only gonna be back home on sunday.14:39:23
@janne.hess:helsinki-systems.dedas_j ajs124: You can test on mail02 14:39:38
@janne.hess:helsinki-systems.dedas_jIsn't there a dovecot?14:39:47
@andreas.schraegle:helsinki-systems.deajs124I can also test on mail01 🤷‍♂️14:40:01
@janne.hess:helsinki-systems.dedas_jI do hereby explicitly not approve of this14:40:16
@andreas.schraegle:helsinki-systems.deajs124
Active: active (running) since Mon 2021-06-21 16:35:54 CEST; 4min 29s ago
14:40:31
@andreas.schraegle:helsinki-systems.deajs124 *
Active: active (running) since Mon 2021-06-21 16:35:54 CEST; 4min 29s ago
CGroup: /system.slice/dovecot2.service
        ├─2666908 /nix/store/cmh9cnp6ng654xkb0la6yk9hsrniaqmd-dovecot-2.3.15/sbin/dovecot -F
14:40:54
@hexa:lossy.networkhexadoesn't crash, okay. but does it also work?14:41:06
@andreas.schraegle:helsinki-systems.deajs124it throws the same error messages as in the previous release?14:41:26
@hexa:lossy.networkhexaawesome14:41:34
@andreas.schraegle:helsinki-systems.deajs124we even still have the systemd unit that isn't used by the module (I think) in the package14:43:13
@leo:gaspard.ninjaEkleogRedacted or Malformed Event14:52:54
@leo:gaspard.ninjaEkleogRedacted or Malformed Event14:53:33
@leo:gaspard.ninjaEkleogRedacted or Malformed Event14:54:20
@gilganix:matrix.org-(GNU/ℝτ)- joined the room.20:04:48
22 Jun 2021
@_xmpp_julm=40sourcephile.fr:matrix.orgjulm joined the room.12:06:09
@r_i_s:matrix.orgris_was just looking at the backport for this18:31:57
@r_i_s:matrix.orgris_before i "went there" i wanted to see if i could get dovecot's tests enabled18:32:27
@r_i_s:matrix.orgris_i.e. internal package tests18:32:40
@r_i_s:matrix.orgris_because the fix includes a test and that would give me extra confidence we were a) actually fixing stuff b) not breaking stuff18:33:21

There are no newer messages yet.


Back to Room ListRoom Version: 6