!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

694 Members
Coordination and triage of security issues in nixpkgs217 Servers

Load older messages

SenderMessageTime
25 May 2021
@hexa:lossy.networkhexaneeds porting to both stable branches18:31:30
@hexa:lossy.networkhexa
A security issue in nginx resolver was identified, which might allow an
attacker to cause 1-byte memory overwrite by using a specially crafted
DNS response, resulting in worker process crash or, potentially, in
arbitrary code execution (CVE-2021-23017).
18:31:53
@hexa:lossy.networkhexahttps://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html 😒18:39:03
@kevincox:matrix.orgkevincoxYou mean DRAM manufacturers didn't really fix the problem? surprised-pikachu18:48:07
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/12443322:20:58
@hexa:lossy.networkhexaplease review22:21:07
@hexa:lossy.networkhexathanks for the quick response everbody 🥳22:40:09
26 May 2021
@samueldr:matrix.orgsamueldr changed their display name from samueldr to ‎.00:46:03
@samueldr:matrix.orgsamueldr changed their display name from ‎ to samueldr‎.00:46:32
@corbin:matrix.orgCorbin joined the room.06:25:05
@niksnut:matrix.orgniksnut joined the room.07:39:20
@zimbatm:numtide.comJonas Chevalier joined the room.11:02:40
@justinrestivo:matrix.orgjustinrestivo joined the room.12:27:51
@arianvp:matrix.orgArian joined the room.16:34:05
@reptarmigam:matrix.orgre-ptarmigan❄️🐦️ joined the room.20:54:55
@samueldr:matrix.orgsamueldr changed their display name from samueldr‎ to samueldr.21:05:24
27 May 2021
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/12450204:03:37
@cjbayliss:matrix.orgcjbayliss (they/them) joined the room.04:31:42
@oida:mdma.rocksoida joined the room.10:49:56
@fabaff:matrix.orgFabian Affolter joined the room.18:03:03
@robert:funklause.dedotlambdaOn 20.09, libxml2 has at least 5 open CVEs: https://github.com/NixOS/nixpkgs/issues/124650.19:22:36
@robert:funklause.dedotlambdaThe patch for CVE-2021-3518 doesn't apply cleanly.19:22:46
@hexa:lossy.networkhexaawesome, the patches for curl 7.74.0 also don't apply cleanly.19:45:40
@robert:funklause.dedotlambdahttps://github.com/NixOS/nixpkgs/pull/12469319:56:37
@robert:funklause.dedotlambdahttps://github.com/NixOS/nixpkgs/pull/12469520:11:08
28 May 2021
@adisbladis:matrix.orgadisbladis left the room.00:39:13
@asymmetric:matrix.dapp.org.ukasymmetric joined the room.16:05:19
29 May 2021
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/12483902:28:02
@hexa:lossy.networkhexa found by moritz.hedtke 02:28:19
@justinrestivo:matrix.orgjustinrestivo changed their display name from justinrestivo to oh caml >>=.12:20:58

Show newer messages

Back to Room ListRoom Version: 6