!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

704 Members
Coordination and triage of security issues in nixpkgs217 Servers

Load older messages

SenderMessageTime
16 Jan 2024
@fabianhjr:matrix.orgFabián Heredia:O15:50:13
@fabianhjr:matrix.orgFabián Herediaclosing as dupe then15:50:20
@k900:0upti.meK900It builds, Plasma test passes, merged15:56:54
@sasha:the-apothecary.clubMoved to @sashanoraa:matrix.org joined the room.17:06:21
@adam:robins.wtf@adam:robins.wtf joined the room.17:18:46
@tgerbet:matrix.orgtgerbethttps://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h20:17:35
@k900:0upti.meK900Not really much we can do20:17:55
@k900:0upti.meK900I guess update our EDK220:17:59
@tgerbet:matrix.orgtgerbetYep update is not yet available but there is a patch for 7 out of 9 issues in edk2 bugtracker, I will take a look in a moment. 20:22:06
@k900:0upti.meK900Thing is, our EDK2 is only used for VM tests basically20:24:46
@k900:0upti.meK900Which is not very relevant to this20:24:56
@raitobezarius:matrix.orgraitobezariusI did enable the IPv6 stack recently20:25:27
@raitobezarius:matrix.orgraitobezariusAnd some people deploy that EDK2 on real systems ahem20:25:47
@hexa:lossy.networkhexamy local qemu test vms use edk221:00:44
@adam:robins.wtf@adam:robins.wtfincus and lxd are using edk2 too23:07:44
@adam:robins.wtf@adam:robins.wtfrunning the virtual-machine test should be sufficient23:08:05
@raitobezarius:matrix.orgraitobezarius
In reply to @tgerbet:matrix.org
Yep update is not yet available but there is a patch for 7 out of 9 issues in edk2 bugtracker, I will take a look in a moment.

Can you put me in the loop or ping me if you need my actions? I am not sure if I want to patch too early EDK2 shit because their QA is outright bad in general 		23:21:46
@tgerbet:matrix.orgtgerbetI just requested a review from you 👍 https://github.com/NixOS/nixpkgs/pull/281405 23:26:39
@mtxyz:the-apothecary.clubBailey (she/they) joined the room.23:36:16
@jowj:awful.club@jowj:awful.club left the room.23:53:11
@rvdp:infosec.exchangeRamses 🇵🇸 joined the room.23:55:41
17 Jan 2024
@george:matrix.geonat.nzOahzEgroeg changed their display name from George to george.02:18:56
@george:matrix.geonat.nzOahzEgroeg changed their display name from george to George.02:28:32
@george:matrix.geonat.nzOahzEgroeg set a profile picture.02:28:45
@delta231:matrix.orgSwastik Baranwal set a profile picture.21:23:53
18 Jan 2024
@syntheit:matrix.org@syntheit:matrix.org left the room.04:14:23
19 Jan 2024
@ThorHop:matrix.org@ThorHop:matrix.org changed their display name from hopland (meticulous montesquieu) to hopland (manners or stfu).05:11:41
@ThorHop:matrix.org@ThorHop:matrix.org changed their display name from hopland (manners or stfu) to hopland.05:14:27
@room303:matrix.orgRoom303 joined the room.07:05:53
20 Jan 2024
@nikke89:matrix.orgNikke joined the room.21:32:42

Show newer messages

Back to Room ListRoom Version: 6