!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

733 Members
Coordination and triage of security issues in nixpkgs
222 Servers

Sender | Message | Time
22 Oct 2023
@globin:toznenetl.chat globin | joined the room. | 20:01:57
23 Oct 2023
@ss:someonex.net SomeoneSerge (matrix works sometimes) | changed their display name from Someone (UTC+3) to SomeoneSerge (UTC+1). | 09:09:21
@robin.gloster:matrix.mayflower.de globin | left the room. | 09:49:04
@globin:toznenetl.chat globin | set a profile picture. | 14:27:40
24 Oct 2023
@hexa:lossy.network hexa | working on openssl | 14:03:43
@hexa:lossy.network hexa | Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363) | 14:07:36
@hexa:lossy.network hexa | https://github.com/openssl/openssl/blob/openssl-3.0.12/NEWS.md#major-changes-between-openssl-3011-and-openssl-3012-24-oct-2023 | 14:07:41
@k900:0upti.me K900 | That doesn't look too bad at least | 14:08:04
@hexa:lossy.network hexa | https://github.com/NixOS/nixpkgs/pull/263150 | 14:14:26
@hexa:lossy.network hexa | Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length (CVE-2023-5363). | 14:20:20
@hexa:lossy.network hexa | now with more words! | 14:20:24
@mtheil:scs.ems.host @mtheil:scs.ems.host | hexa: Do you also open a PR for 23.05 or can I? | 14:43:56
@hexa:lossy.network hexa | hrm, backport action won't do it, because of openssl_3_1 | 14:44:53
@mtheil:scs.ems.host @mtheil:scs.ems.host | yep | 14:44:58
@hexa:lossy.network hexa | make sure to cherry-pick with -x | 14:45:08
@hexa:lossy.network hexa | and make sure to change hash back to sha256 | 14:45:22
@hexa:lossy.network hexa | we're not in a hurry really, because staging-next will likely go first | 14:46:55
@mtheil:scs.ems.host @mtheil:scs.ems.host | ok | 14:51:42
@hexa:lossy.network hexa | and if the version that goes into staging changes, you'll need to update the reference 😛 | 14:55:06
@mtheil:scs.ems.host @mtheil:scs.ems.host | Sry, overlooked the target branch :( | 14:56:09
@mtheil:scs.ems.host @mtheil:scs.ems.host | (In reply to @hexa:lossy.network: "and if the version that goes into staging changes, you'll need to update the reference 😛") I'll wait for it. Thanks for the fast close 😅 | 14:59:19
25 Oct 2023
@federicodschonborn:matrix.org @federicodschonborn:matrix.org | changed their profile picture. | 00:13:15
@k900:0upti.me K900 | https://github.com/NixOS/nixpkgs/pull/263317 kernel update with a potentially pretty spooky KVM vuln | 11:07:42
@k900:0upti.me K900 | https://www.phoronix.com/news/X.Org-Halloween-Bugs-2023 and a bunch of X11 vulns because duh | 11:19:48
@k900:0upti.me K900 | @Artturin what's the status on the X11 untangling PR? | 11:20:09

Room Version: 6