| 23 Nov 2023 |
felschr | https://github.com/NixOS/nixpkgs/pull/269163 | 22:09:41 |
| 25 Nov 2023 |
felschr | https://github.com/NixOS/nixpkgs/pull/269763
https://github.com/NixOS/nixpkgs/pull/269764 | 13:32:45 |
stigo | https://metacpan.org/release/PEVANS/perl-5.38.1/changes - Fixes CVE-2023-47038, I'm creating PRs for those | 18:20:26 |
stigo | * https://metacpan.org/release/PEVANS/perl-5.38.1/changes - Fixes CVE-2023-47038, I'm creating PRs for those (affects perl538 and perl536) | 18:20:43 |
stigo | * https://metacpan.org/release/PEVANS/perl-5.38.1/changes - Fixes CVE-2023-47038 and CVE-2023-47039, I'm creating PRs for those (affects perl538 and perl536) | 18:22:52 |
stigo | In reply to @stigo:matrix.org
"https://metacpan.org/release/PEVANS/perl-5.38.1/changes - Fixes CVE-2023-47038 and CVE-2023-47039, I'm creating PRs for those (affects perl538 and perl536)"
https://github.com/NixOS/nixpkgs/pull/269996 | 22:02:23 |
stigo | In reply to @stigo:matrix.org
"https://metacpan.org/release/PEVANS/perl-5.38.1/changes - Fixes CVE-2023-47038 and CVE-2023-47039, I'm creating PRs for those (affects perl538 and perl536)"
* https://github.com/NixOS/nixpkgs/pull/269996 (currently targeted to master, let me know if you need it targeted to another branch) | 22:03:16 |
hexa | will probably be a mass-rebuild, so unless this is an RCE I'd say we stage it 😄 | 22:07:11 |
hexa |
CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property
| 22:07:37 |
hexa | apparently limited to one-byte | 22:07:52 |
hexa |
CVE-2023-47039 - Perl for Windows binary hijacking vulnerability
| 22:07:57 |
hexa | 🪟 | 22:08:00 |
hexa | * 🪟s | 22:08:08 |
stigo | In reply to @hexa:lossy.network
"will probably be a mass-rebuild, so unless this is an RCE I'd say we stage it 😄"
Done. (sigh sorry for the mass ping) | 23:28:41 |
| 26 Nov 2023 |
ris_ | https://nvd.nist.gov/vuln/detail/CVE-2023-41419 and our gevent is really out of date | 00:20:13 |
ris_ | https://github.com/NixOS/nixpkgs/pull/270019 | 00:39:08 |
ris_ | not sure what to do about 23.11 | 00:41:05 |
raitobezarius | imho backport | 00:41:32 |
raitobezarius | the issue seems quite problematic | 00:41:38 |
raitobezarius | I mean, it would be nice to know about the blast radius though | 00:41:53 |
ris_ | well, last change to gevent was 5001+ rebuilds | 00:47:11 |
ris_ | guess we could either merge it to staging-next to find out how many breakages it causes or request a hydra job | 00:54:13 |
ris_ | will have a go at the patch in the morning | 00:58:28 |
ris_ | have done a lot of rebuilding with the above and haven't found any failures so far | 13:16:07 |