| 24 Jan 2024 |
 @mtheil:scs.ems.host | Probably. The mail was just:
The OpenSSL project team would like to announce the upcoming release of
OpenSSL versions 3.2.1, 3.1.5 and 3.0.13.
We will be also releasing extended support OpenSSL versions 1.0.2zj and
1.1.1x which will be available to premium support customers.
These releases will be made available on Tuesday 30th January 2024
between 1300-1700 UTC.
These are security-fix releases. The highest severity issue fixed in
each of these releases is Low:
https://www.openssl.org/policies/secpolicy.html
Yours
The OpenSSL Project Team
| 10:03:15 |
 vcunat | OK. OpenSSL marking all "Low" implies that it won't be urgent, I think. | 10:06:37 |
| @mtheil:scs.ems.host | I'll open a PR timely after release, but it probably is not urgent. | 10:10:59 |
 AkechiShiro | Hi, should security fixes be backported usually on the stable release ?
Asking for https://github.com/NixOS/nixpkgs/pull/283179 related to https://nitter.net/_msw_/status/1749999077100855638#m | 12:35:54 |
| AkechiShiro | * Hi, should security fixes be backported usually on the stable release ? (I'd guess yes as long as it is not a major version change?)
Asking for https://github.com/NixOS/nixpkgs/pull/283179 related to https://nitter.net/_msw_/status/1749999077100855638#m | 12:37:49 |
 hexa | we could get away with just bumping minizip | 12:43:49 |
| hexa | but oh well, let me set up the backport | 12:50:36 |
 tgerbet | The minizip issue with the scary CVSS score was handled in https://github.com/NixOS/nixpkgs/pull/262722 | 16:42:53 |
|  octodi set a profile picture. | 19:06:44 |
 felschr | https://github.com/NixOS/nixpkgs/pull/283544 | 21:42:32 |
| 25 Jan 2024 |
| felschr | * https://github.com/NixOS/nixpkgs/pull/283544 (all checks have passed now) | 01:47:11 |
 leona | https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/ againā¦ | 22:54:34 |
 yaya | https://github.com/NixOS/nixpkgs/pull/283888 | 23:54:49 |
| 26 Jan 2024 |
| hexa | https://github.com/rhboot/shim/commit/0226b56513b2b8bd5fd281bce77c40c9bf07c66d | 02:31:53 |
| hexa | cc raitobezarius | 02:32:17 |
 raitobezarius | cc @baloo Linux Hackerman: ^ | 02:33:12 |
| hexa | enobaloo | 02:33:20 |
 @linus:schreibt.jetzt | oh no I didn't want to know that shim has HTTP š¤¦ | 11:08:20 |
| @linus:schreibt.jetzt | In reply to @hexa:lossy.network
https://github.com/rhboot/shim/commit/0226b56513b2b8bd5fd281bce77c40c9bf07c66d https://github.com/NixOS/nixpkgs/pull/283471 | 12:19:01 |
| 27 Jan 2024 |
|  @metanoic:matrix.org joined the room. | 13:31:42 |
|  @dooy:matrix.org changed their display name from Dooygoy to stablejoy. | 13:37:43 |
| 28 Jan 2024 |
|  nf changed their profile picture. | 14:04:04 |
|  @kudzu:envs.net joined the room. | 20:37:07 |
| 29 Jan 2024 |
 Sandro | https://github.com/NixOS/nixpkgs/pull/284771
I think https://github.com/paperless-ngx/paperless-ngx/issues/5502 applies only applies to custom configuration but it is an authentication bypass for a very sensitive system. | 13:42:19 |
| Sandro |
We are planning to release critical security patches for versions 3.5, 4.1, 4.2 and nightly this Thursday, Feb 01, at 15:00 UTC. We encourage server administrators to plan for a timely upgrade to ensure their Mastodon server is protected.
https://c3d2.social/@MastodonEngineering@mastodon.social/111839555900486563
| 13:52:17 |
|  @xfix:matrix.org left the room. | 14:52:41 |
|  @flandweber:envs.net joined the room. | 15:01:57 |
|  jarrrkob joined the room. | 15:18:04 |
| @flandweber:envs.net changed their display name from flandweber to Finn Landweber. | 18:20:08 |
| 30 Jan 2024 |
|  Hugo Ribeiro joined the room. | 02:22:47 |
