19 May 2025 |
| oak 🏳️🌈♥️ changed their display name from oak to oak 🏳️🌈♥️. | 11:00:52 |
emily | only for new ones, I think | 14:58:09 |
hexa | * note that we started requiring an active committer on the maintainers list for browsers 😉 | 14:58:33 |
hexa | nope, we don't do grandfathering for security | 14:58:47 |
Grimmauld (any/all) |
I agree that different standards for new vs. existing packages doesn't make sense
make me committer then :P
| 14:59:02 |
hexa | smh | 14:59:13 |
hexa | #security-discuss:nixos.org if you want to continue the banter 😜 | 14:59:47 |
| Emantor changed their profile picture. | 19:32:12 |
20 May 2025 |
emily | https://github.com/NixOS/nixpkgs/pull/409063 https://github.com/NixOS/nixpkgs/pull/409064 | 13:12:40 |
emily | "Patches to fix CVE-2017-12921 and CVE-2017-12925 and possibly CVE-2017-12920." always a good time when the changelog isn't even sure they fixed the CVE | 13:13:06 |
hexa | this is imagemagick, you can always assume a vulnerability lingering | 13:16:33 |
emily | (fixed aliases merge conflict 🙃) | 13:24:32 |
hexa | https://www.openwall.com/lists/oss-security/2025/05/20/2 openvpn | 15:30:00 |
hexa |
All versions from v20 through v24 are affected. This has been resolved in OpenVPN 3 Linux v24.1.
| 15:30:15 |
hexa | nix-repl> :p openvpn3.version
24
| 15:30:30 |
tgerbet | https://github.com/NixOS/nixpkgs/pull/409119 | 16:37:41 |
21 May 2025 |
Zhaofeng Li | libarchive: https://github.com/NixOS/nixpkgs/pull/409300
https://github.com/libarchive/libarchive/releases/tag/v3.8.0
Security fixes mixed with new features, no CVEs assigned as far as I can tell | 06:46:07 |
stigo | I've pinged Red Hat about it, hopefully they will get CVEs fixed | 10:26:12 |
stigo | (MITRE takes ages to repond) | 10:28:23 |
| oddlama changed their display name from Malte to oddlama. | 17:42:18 |
hexa | https://github.com/NixOS/nixpkgs/pull/409445 | 23:56:59 |
23 May 2025 |
stigo | Red Hat CNA-LR responded yesterday that they will process the issues | 11:04:13 |
Markus Theil | https://openssl-library.org/news/vulnerabilities/#CVE-2025-4575 | 13:18:08 |
Markus Theil | I commented the CVE in https://github.com/NixOS/nixpkgs/pull/397123. | 13:19:24 |
| Alison Jenkins changed their profile picture. | 16:05:41 |
25 May 2025 |
hexa | https://www.openwall.com/lists/oss-security/2025/05/23/2 | 15:50:31 |
hexa | * https://www.openwall.com/lists/oss-security/2025/05/23/2 ghostscript | 15:50:49 |
26 May 2025 |
| ximnoise left the room. | 02:57:15 |
| ximnoise joined the room. | 02:57:30 |
27 May 2025 |
| matrixrooms.info mod bot (does NOT read/send messages and/or invites; used for checking reported rooms) joined the room. | 07:49:31 |