!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

656 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22204 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
4 Sep 2024
@insurgo:matrix.orgtlaurion aka Insurgo [ Timezone: ET ] changed their display name from tlaurion aka Insurgo [UTC-4] to tlaurion aka Insurgo [UTC-4] (expect delays in answers).20:32:11
@ss:someonex.netSomeoneSerge (back on matrix) changed their display name from SomeoneSerge (UTC+3) to SomeoneSerge (nix.camp).21:49:21
5 Sep 2024
@necoarc:transfem.dev@necoarc:transfem.dev joined the room.03:38:58
@necoarc:transfem.dev@necoarc:transfem.dev removed their display name Neco-Arc.03:49:32
@necoarc:transfem.dev@necoarc:transfem.dev removed their profile picture.03:49:32
@necoarc:transfem.dev@necoarc:transfem.dev left the room.03:49:32
@hexa:lossy.networkhexahttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4550616:23:24
@hexa:lossy.networkhexa * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45506 haproxy16:23:28
@hexa:lossy.networkhexaI'm bumping release-24.05 to 2.9.10, can someone take master. i have to run16:23:48
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/33984016:25:27
@hexa:lossy.networkhexahttps://groups.google.com/g/golang-announce/c/K-cEzDeCtpc 18:05:50
6 Sep 2024
@sugi:matrix.besaid.detokudanforgejo is going to need an update to 8.0.3 or 7.0.916:56:18
@sugi:matrix.besaid.detokudan * forgejo is going to need an update to 8.0.3 or 7.0.9 (https://codeberg.org/forgejo/forgejo/milestone/8231)16:59:42
@hexa:lossy.networkhexa emily, adamcstephens 17:01:01
@hexa:lossy.networkhexa(pretty sure they are aware)17:01:10
@hexa:lossy.networkhexa * (pretty sure they are aware, but still)17:01:14
@emilazy:matrix.orgemily(wrong emily?)17:01:17
@emilazy:matrix.orgemily emily: 17:01:19
@hexa:lossy.networkhexaE_TOOMANYEMILIES17:01:32
@hexa:lossy.networkhexa * E_TOOMANYEMILYS 17:01:42
@networkexception:nwex.denetworkExceptionM_NOT_ENOUGH_EMILYS17:26:36
@adam:robins.wtfadamcstephensmerged21:26:16
7 Sep 2024
@hexa:lossy.networkhexahttps://seclists.org/tcpdump/2024/q3/303:30:00
@mtheil:scs.ems.hostMarkus TheilAfter fixing some build issues of systemd dependencies, the OpenSSL update is now ready for review from my side: https://github.com/NixOS/nixpkgs/pull/33961409:20:38
@mtheil:scs.ems.hostMarkus TheilOpenSSL increased the default security level from version line to version line: https://docs.openssl.org/1.1.1/man3/SSL_CTX_set_security_level/ With OpenSSL 3.2+ the default is 2.09:27:56
@mtheil:scs.ems.hostMarkus TheilShould we define this to a lower default or should users deal with it?09:28:19
@mtheil:scs.ems.hostMarkus Theil3.0.x used level 1.09:29:53

Show newer messages

Back to Room ListRoom Version: 6