| 24 Mar 2024 |
hexa | https://gnutls.org/security-new.html#GNUTLS-SA-2023-12-04 | 11:05:08 |
hexa | * https://gnutls.org/security-new.html#GNUTLS-SA-2023-12-04 vcunat | 11:07:44 |
tgerbet | Unstable here https://github.com/NixOS/nixpkgs/pull/297657
Taking a look for the backport to stable, looks like the file has been nixpkgs-fmted | 11:12:44 |
hexa | ah thanks, for some reason I missed it when I checked the version on staging | 11:17:38 |
tgerbet | https://github.com/NixOS/nixpkgs/pull/298604 | 11:19:29 |
Alyssa Ross | Seems to regress musl :( | 14:31:41 |
| 25 Mar 2024 |
| ネコ joined the room. | 00:12:11 |
ネコ | hey i found a way to put nulls in strings, unsure if that has security implications, but it should probably be an error? | 00:14:04 |
ネコ | unsure if i should open an issue on github? could this be used for some sort of buffer overflow attack? idk | 00:15:48 |
| @admin:nixos.org joined the room. | 00:23:10 |
hexa | can you explain more in #security-discuss:nixos.org | 00:23:58 |
hexa | * can you explain more in #security-discuss:nixos.org? | 00:24:04 |
| @admin:nixos.org left the room. | 00:30:35 |
ris_ | https://github.com/NixOS/nixpkgs/pull/297547 | 20:14:15 |
hexa | wow, this looks like code copy pasted from home-assistant 😄 | 20:30:09 |
hexa | which can be explained because bdraco was involved | 20:30:32 |
| 26 Mar 2024 |
hexa | https://webkitgtk.org/security/WSA-2024-0002.html Jan Tojnar | 03:22:18 |
| @linucifer:envs.net joined the room. | 19:09:13 |
pinpox | Not sure if this is the right place to ask, but are current NixOS versions impacted by https://github.com/Notselwyn/CVE-2024-1086 ? | 20:33:53 |
K900 | Mo | 20:34:38 |
K900 | * No | 20:34:45 |
K900 | The exploit affects versions from (including) v5.14 to (including) v6.6, excluding patched branches v5.15.149>, v6.1.76>, v6.6.15> | 20:35:11 |
ris_ | at last https://github.com/NixOS/nixpkgs/pull/295967 | 23:05:56 |
| 27 Mar 2024 |
Jan Tojnar | https://github.com/NixOS/nixpkgs/pull/299417 | 05:44:09 |
tgerbet | https://www.openwall.com/lists/oss-security/2024/03/27/5
util-linux 2.40 was released with the fix
https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253 | 21:06:20 |
tgerbet | And curl 8.7.1 https://github.com/NixOS/nixpkgs/pull/299580 | 21:07:22 |
tgerbet | Well https://www.openwall.com/lists/oss-security/2024/03/27/7 😅 | 21:48:07 |
| 29 Mar 2024 |
| SebTM joined the room. | 04:23:38 |
vcunat | https://github.com/NixOS/nixpkgs/commit/c2b0bf3dd525#commitcomment-140365634 | 06:36:33 |
vcunat | (in case someone's interested in .mlflow for NixOS 23.11) | 06:37:06 |