| 27 Jan 2024 |
|  @metanoic:matrix.org joined the room. | 13:31:42 |
|  @dooy:matrix.org changed their display name from Dooygoy to stablejoy. | 13:37:43 |
| 28 Jan 2024 |
|  nf changed their profile picture. | 14:04:04 |
|  @kudzu:envs.net joined the room. | 20:37:07 |
| 29 Jan 2024 |
 Sandro | https://github.com/NixOS/nixpkgs/pull/284771
I think https://github.com/paperless-ngx/paperless-ngx/issues/5502 applies only applies to custom configuration but it is an authentication bypass for a very sensitive system. | 13:42:19 |
| Sandro |
We are planning to release critical security patches for versions 3.5, 4.1, 4.2 and nightly this Thursday, Feb 01, at 15:00 UTC. We encourage server administrators to plan for a timely upgrade to ensure their Mastodon server is protected.
https://c3d2.social/@MastodonEngineering@mastodon.social/111839555900486563
| 13:52:17 |
|  @xfix:matrix.org left the room. | 14:52:41 |
|  @flandweber:envs.net joined the room. | 15:01:57 |
|  jarrrkob joined the room. | 15:18:04 |
| @flandweber:envs.net changed their display name from flandweber to Finn Landweber. | 18:20:08 |
| 30 Jan 2024 |
|  Hugo Ribeiro joined the room. | 02:22:47 |
 hexa | Markus Theil: openssl updates are live | 14:24:45 |
 @mtheil:scs.ems.host | thx, PR follows soon. | 14:26:12 |
| @mtheil:scs.ems.host | https://github.com/NixOS/nixpkgs/pull/285019 | 15:31:51 |
| @mtheil:scs.ems.host | As the severity of the fixed issues is low, I'm waiting for a list of fixed things to appear on openssl.org | 15:32:33 |
| @mtheil:scs.ems.host | * As the severity of the fixed issues is low, I'm waiting for a list of fixed things to appear on openssl.org to include it in the descriptions. | 15:32:45 |
| hexa | https://github.com/openssl/openssl/blob/openssl-3.2.1/CHANGES.md#changes-between-320-and-321-30-jan-2024
https://github.com/openssl/openssl/blob/openssl-3.0.13/CHANGES.md#changes-between-3012-and-3013-30-jan-2024 | 15:34:07 |
| hexa | use these. | 15:34:13 |
| @mtheil:scs.ems.host | thx | 15:36:10 |
 vcunat | One of these might be a low-rebuild change, but I suppose there's no hurry to get the changes anyway? | 15:43:08 |
 ajs124 | 3.2 should be low rebuild | 15:45:19 |
| @mtheil:scs.ems.host | For 23.11: https://github.com/NixOS/nixpkgs/pull/285027 | 16:07:53 |
 delroth | https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt | 18:35:50 |
| delroth | switching the wrappers to musl was a very good idea | 18:36:06 |
 @aloisw:kde.org | In reply to @delroth:delroth.net
switching the wrappers to musl was a very good idea The wrappers do not call syslog. | 18:53:01 |
| delroth | this was a general statement on glibc, not on this particular vuln :) | 18:54:37 |
 tgerbet | In reply to @delroth:delroth.net
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt https://github.com/NixOS/nixpkgs/pull/285050 | 18:57:59 |
| delroth | we can move followup discussion to the discuss channel, I think we do need to remediate that last glibc vuln because wrappers forward all of argv (including argv[0]) to the wrapped program | 18:58:10 |
| 31 Jan 2024 |
|  @federicodschonborn:matrix.org changed their profile picture. | 03:36:03 |
| @federicodschonborn:matrix.org changed their profile picture. | 06:21:40 |
