!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

719 Members
Coordination and triage of security issues in nixpkgs

220 Servers


Sender Message Time
23 Oct 2023
@globin:toznenetl.chat globin set a profile picture. 14:27:40
24 Oct 2023
@hexa:lossy.network hexa working on openssl 14:03:43
@hexa:lossy.network hexa

Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)

14:07:36
@hexa:lossy.network hexa https://github.com/openssl/openssl/blob/openssl-3.0.12/NEWS.md#major-changes-between-openssl-3011-and-openssl-3012-24-oct-2023 14:07:41
@k900:0upti.me K900 That doesn't look too bad at least 14:08:04
@hexa:lossy.network hexa https://github.com/NixOS/nixpkgs/pull/263150 14:14:26
@hexa:lossy.network hexa

Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length (CVE-2023-5363).

14:20:20
@hexa:lossy.network hexa now with more words! 14:20:24
@mtheil:scs.ems.host @mtheil:scs.ems.host hexa: Do you also open a PR for 23.05 or can I? 14:43:56
@hexa:lossy.network hexa hrm, backport action won't do it, because of openssl_3_1 14:44:53
@mtheil:scs.ems.host @mtheil:scs.ems.host yep 14:44:58
@hexa:lossy.network hexa make sure to cherry-pick with -x 14:45:08
@hexa:lossy.network hexa and make sure to change hash back to sha256 14:45:22
@hexa:lossy.network hexa we're not in a hurry really, because staging-next will likely go first 14:46:55
@mtheil:scs.ems.host @mtheil:scs.ems.host ok 14:51:42
@hexa:lossy.network hexa and if the version that goes into staging changes, you'll need to update the reference 😛 14:55:06
@mtheil:scs.ems.host @mtheil:scs.ems.host Sry, overlooked the target branch :( 14:56:09
@mtheil:scs.ems.host @mtheil:scs.ems.host
In reply to @hexa:lossy.network
and if the version that goes into staging changes, you'll need to update the reference 😛
I'll wait for it. Thanks for the fast close 😅
14:59:19
25 Oct 2023
@federicodschonborn:matrix.org @federicodschonborn:matrix.org changed their profile picture. 00:13:15
@k900:0upti.me K900 https://github.com/NixOS/nixpkgs/pull/263317 kernel update with a potentially pretty spooky KVM vuln 11:07:42
@k900:0upti.me K900 https://www.phoronix.com/news/X.Org-Halloween-Bugs-2023 and a bunch of X11 vulns because duh 11:19:48
@k900:0upti.me K900 @Artturin what's the status on the X11 untangling PR? 11:20:09
@artturin:matrix.org Artturin
In reply to @k900:0upti.me
https://www.phoronix.com/news/X.Org-Halloween-Bugs-2023 and a bunch of X11 vulns because duh
Haven't started manual moving so just update like normal
17:26:58
26 Oct 2023
@lotte:chir.rs @lotte:chir.rs changed their profile picture. 06:50:34
@felschr:matrix.org felschr https://github.com/NixOS/nixpkgs/pull/263399 https://github.com/NixOS/nixpkgs/pull/263401 12:17:26
@streets_saucing:matrix.org streets joined the room. 12:33:50
@felschr:matrix.org felschr PRs now have one approval each 21:44:21
27 Oct 2023
@federicodschonborn:matrix.org @federicodschonborn:matrix.org changed their profile picture. 01:24:45
@vcunat:matrix.org vcunat
In reply to @k900:0upti.me
https://www.phoronix.com/news/X.Org-Halloween-Bugs-2023 and a bunch of X11 vulns because duh
I wonder how bad they are - rebuilds vs. speed of update:
https://github.com/NixOS/nixpkgs/pull/263689#issuecomment-1782340466
06:15:31
@k900:0upti.me K900 Huh 06:16:41


Room Version: 6