!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

708 Members
Coordination and triage of security issues in nixpkgs218 Servers

Load older messages

SenderMessageTime
13 Apr 2024
@sophie:catgirl.cloud⛧-440729 [sophie raven] (it/its) changed their display name from Sophie to sophie.08:27:37
@tgerbet:matrix.orgtgerbet

https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html

cc emily

11:06:14
@tgerbet:matrix.orgtgerbetDone in https://github.com/NixOS/nixpkgs/pull/303377 https://github.com/NixOS/nixpkgs/pull/303471 Somehow missed it in GH search, sorry for the noise12:55:11
15 Apr 2024
@mtheil:scs.ems.host@mtheil:scs.ems.hostBotan 3.4.0 was released: https://github.com/NixOS/nixpkgs/pull/30422009:44:54
@djacu:matrix.orgdjacu left the room.16:17:25
@samueldr:matrix.orgsamueldr https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html 19:22:28
@samueldr:matrix.orgsamueldr * https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html ( https://hachyderm.io/@simontatham/112276855758487211 ) 19:22:46
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/30435419:55:11
16 Apr 2024
@insurgo:matrix.orgtlaurion aka Insurgo [ Timezone: ET ] changed their display name from Insurgo aka tlaurion [UTC-4:Processing backlog] to Insurgo aka tlaurion [UTC-4].01:01:36
17 Apr 2024
@felschr:matrix.orgfelschr https://github.com/NixOS/nixpkgs/pull/304595 03:15:53
@vcunat:matrix.orgvcunathttps://discourse.nixos.org/t/virus-detected-on-nixos-virtualbox-appliance/4353406:12:01
@hexa:lossy.networkhexa continued in #security-discuss:nixos.org 08:52:23
@k900:0upti.meK900 changed their display name from K900 ⚡️ to K9Ö0.17:16:43
@k900:0upti.meK900 changed their display name from K9Ö0 to K900.17:21:54
@k900:0upti.meK900 17:21:55
@hexa:lossy.networkhexa https://www.openwall.com/lists/oss-security/2024/04/17/9 ma27 22:53:09
18 Apr 2024
@dmorab:matrix.orgdmorab joined the room.16:53:21
@smorci:matrix.orgsmorci joined the room.19:52:56
@smorci:matrix.orgsmorci changed their display name from Szekely Marton to smorci.19:54:16
@smorci:matrix.orgsmorci set a profile picture.19:54:50
@sugi:matrix.besaid.desugihttps://forgejo.org/2024-04-release-v1-21-11-0/ <- forgejo security update to 1.21.1120:45:39
@hexa:lossy.networkhexa emily: 21:07:16
@hexa:lossy.networkhexa * cc emily: 21:07:21
19 Apr 2024
@mjm:midna.devmjm changed their profile picture.19:17:27
20 Apr 2024
@cafkafk:gitter.imcafkafk changed their profile picture.13:17:14
21 Apr 2024
@r_i_s:matrix.orgris_ what are we doing about hashicorp vault in stable now? CVE-2024-2660 indicates we should upgrade stable to 1.14.11, but the only 1.14.11 tag on github is v1.14.11+ent, which appears to be BSL 18:59:50
@magic_rb:matrix.redalder.orgmagic_rbwe have to either not upgrade and mark as broken or change license, not really anything else we can do (hashicorp never ceases to disappoint)19:00:58
@magic_rb:matrix.redalder.orgmagic_rb * we have to either not upgrade and mark as insecure or change license, not really anything else we can do (hashicorp never ceases to disappoint)19:01:14
@r_i_s:matrix.orgris_sure.. but which?19:48:09
@magic_rb:matrix.redalder.orgmagic_rbWe change the license and introduce a warning saying it changed in case someone has allowUnfree but doesnt want to use nonfree vault. If we broke it people couldnt upgrade at all19:49:13

Show newer messages

Back to Room ListRoom Version: 6