!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

715 Members
Coordination and triage of security issues in nixpkgs218 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
18 Oct 2023
@mtheil:scs.ems.host@mtheil:scs.ems.host 
The OpenSSL project team would like to announce the upcoming release of
OpenSSL versions 3.1.4 and 3.0.12.

These releases will be made available on Tuesday 24th October 2023
between 1300-1700 UTC.

These are security-fix releases. The highest severity issue fixed in
each of these two releases is Moderate:
11:46:16
@ghishadow:matrix.orgghishadow changed their profile picture.12:52:11
19 Oct 2023
@delroth:delroth.netdelrothApache 2.4.58: https://downloads.apache.org/httpd/CHANGES_2.4.58 (CVE-2023-45802, CVE-2023-43622, CVE-2023-31122)14:35:04
@delroth:delroth.netdelroth * Apache 2.4.58: https://downloads.apache.org/httpd/CHANGES_2.4.58 (CVE-2023-45802, CVE-2023-43622, CVE-2023-31122) https://github.com/NixOS/nixpkgs/pull/262075 14:35:44
20 Oct 2023
@lt1379:matrix.orgLunRecent zlib CVE, don't know if this needs patched quickly https://nvd.nist.gov/vuln/detail/CVE-2023-45853 https://github.com/madler/zlib/pull/84300:13:19
@ninjatrappeur:alternativebit.fr@ninjatrappeur:alternativebit.fr changed their display name from NinjaTrappeur to PicNoir (was Ninjatrappeur).10:33:36
@julian:nekover.se@julian:nekover.se changed their display name from Julian to miau.15:05:16
@julian:nekover.se@julian:nekover.se changed their display name from miau to Julian.15:07:31
21 Oct 2023
@pederbs:pvv.ntnu.nopbsds joined the room.10:17:11
@rwx-rwx-rwx:matrix.orgMikael Fangel changed their display name from rwx-rwx-rwx to Mikael Fangel.17:15:39
@rwx-rwx-rwx:matrix.orgMikael Fangel set a profile picture.17:22:09
22 Oct 2023
@tgerbet:matrix.orgtgerbet
In reply to @lt1379:matrix.org
Recent zlib CVE, don't know if this needs patched quickly
https://nvd.nist.gov/vuln/detail/CVE-2023-45853 https://github.com/madler/zlib/pull/843

It only impacts minizip and not zlib itself

https://github.com/NixOS/nixpkgs/pull/262722

11:19:25
@globin:toznenetl.chatglobin joined the room.20:01:57
23 Oct 2023
@ss:someonex.netSomeoneSerge (matrix works sometimes) changed their display name from Someone (UTC+3) to SomeoneSerge (UTC+1).09:09:21
@robin.gloster:matrix.mayflower.deglobin left the room.09:49:04
@globin:toznenetl.chatglobin set a profile picture.14:27:40
24 Oct 2023
@hexa:lossy.networkhexaworking on openssl14:03:43
@hexa:lossy.networkhexa

Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)

14:07:36
@hexa:lossy.networkhexahttps://github.com/openssl/openssl/blob/openssl-3.0.12/NEWS.md#major-changes-between-openssl-3011-and-openssl-3012-24-oct-202314:07:41
@k900:0upti.meK900That doesn't look too bad at least14:08:04
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/26315014:14:26

Show newer messages

Back to Room ListRoom Version: 6