!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

719 Members
Coordination and triage of security issues in nixpkgs
219 Servers

Sender | Message | Time
28 Nov 2023
hexa (@hexa:lossy.network) | only worried about release-23.05 here | 12:08:17
hexa (@hexa:lossy.network) | https://github.com/go-gitea/gitea/releases/tag/v1.20.6 master and release-23.11 on 1.20.5, release-23.05 on 1.19.4 | 12:27:27
hexa (@hexa:lossy.network) | ma27: for gitea | 12:28:56
ma27 (@ma27:nicht-so.sexy) | will try to take a look today | 13:21:00
emily (@me:indeednotjames.com) | 18:04:55
  In reply to @hexa:lossy.network: only worried about release-23.05 here
  All versions back to gogs are affected (depending on the endpoint)
  source: https://matrix.to/#/!qjPHwFPdxhpLkXMkyP:matrix.org/$ONM9CMUFMAnJjhtvbaStCoYoWS2lkazKxgfsDjwQzg4?via=matrix.org&via=tchncs.de
29 Nov 2023
Julien (@julienmalka:matrix.org) | https://jellyfin.org/posts/jellyfin-security-and-you/ | 13:11:29
Julien (@julienmalka:matrix.org) | Is anyone doing that bump? Otherwise I can | 13:11:49
Julien (@julienmalka:matrix.org) | https://github.com/NixOS/nixpkgs/pull/270945 | 14:09:22
3 Dec 2023
* ris_ (@r_i_s:matrix.org) returns to the idea of having something like a meta.knownVendoredIn attribute that lists packages we know vendor copies of this package, to make our lives easier when patching vulnerabilities | 15:07:36
ris_ (@r_i_s:matrix.org) | (wrong channel) | 15:15:51
eryngion (@eryngion:matrix.org) | FYI: I see a bunch of relatively fresh CVE patches in https://github.com/meta-qt5/meta-qt5/tree/master/recipes-qt/qt5/qtbase that we don't have. | 21:42:23
K900 (@k900:0upti.me) | We should have those | 21:43:02
K900 (@k900:0upti.me) | Because we are tracking KDE's patchset and not upstream Qt | 21:43:09
K900 (@k900:0upti.me) | So you need to be looking at https://invent.kde.org/qt/qt/qtbase/-/commits/kde/5.15/ | 21:43:27
K900 (@k900:0upti.me) | As far as I can tell all the patches OE has we also have | 21:48:21
K900 (@k900:0upti.me) | At least the ones marked as CVE | 21:48:59
eryngion (@eryngion:matrix.org) | Yeah, somebody may have forgotten to refresh his local qtbase repo in months and should go sleep :) | 21:52:30
5 Dec 2023
hexa (@hexa:lossy.network) | https://webkitgtk.org/security/WSA-2023-0011.html Jan Tojnar et al 🙂 | 21:30:38
hexa (@hexa:lossy.network) | https://www.openwall.com/lists/oss-security/2023/12/05/2 Mic92 qbit | 21:44:19

Room Version: 6