| 26 Sep 2024 |
 Alyssa Ross | https://github.com/NixOS/nixpkgs/pull/344601 | 08:26:33 |
|  Arian joined the room. | 12:33:00 |
| Arian | This affects all nix versions. We need to make PRs for all the backports too no? | 12:34:17 |
| Arian | Not just 2.24-specific afaics | 12:34:25 |
 emily | yes. looks like 2.18 is out, someone should open a PR. no other versions yet, waiting for Eelco to cut the tags I assume. (further discussion should probably go in #security-discuss:nixos.org) | 12:35:40 |
 Mic92 | In reply to @qyliss:fairydust.space
builtin:fetchurl: Enable TLS verification
I would argue the "information leak" should not affect many people. <nix/fetchurl.nix> is manly used by bootstrap tarballs. | 18:48:48 |
| Mic92 | In reply to @qyliss:fairydust.space
builtin:fetchurl: Enable TLS verification
* I would argue the "information leak" should not affect many people. <nix/fetchurl.nix> is manly used by bootstrap tarballs that do not suffer from this. So low impact for most people. | 18:49:22 |
 hexa | it probably doesn't, but that is for #security-discuss:nixos.org | 18:52:36 |
 vcunat | In reply to @fabianhjr:matrix.org
https://x.com/evilsocket/status/1838169889330135132
Claims 9.9 RCE unauthenticated over network affecting all GNU/Linux Systems CUPS? Much earlier than expected, though:
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/ | 20:21:55 |
