| 7 Sep 2024 |
 hexa | https://seclists.org/tcpdump/2024/q3/3 | 03:30:00 |
 Markus Theil | After fixing some build issues of systemd dependencies, the OpenSSL update is now ready for review from my side: https://github.com/NixOS/nixpkgs/pull/339614 | 09:20:38 |
| Markus Theil | OpenSSL increased the default security level from version line to version line: https://docs.openssl.org/1.1.1/man3/SSL_CTX_set_security_level/
With OpenSSL 3.2+ the default is 2. | 09:27:56 |
| Markus Theil | Should we define this to a lower default or should users deal with it? | 09:28:19 |
| Markus Theil | 3.0.x used level 1. | 09:29:53 |
 emily | In reply to @mtheil:scs.ems.host
Should we define this to a lower default or should users deal with it? let's not opt in to worse security, users can deal with it unless it causes mass breakage | 10:44:16 |
| emily | not even mail servers should be using SSL 3.0 or 1024-bit RSA | 10:45:25 |
| emily | (let's move this to the non triage room though?) | 10:46:53 |
|  @vincenttc:matrix.org left the room. | 16:19:37 |
 qubitnano | https://community.ui.com/releases/Security-Advisory-Bulletin-042-042/c4f68b56-cdc4-4128-b2cb-5870209d1704 | 16:19:42 |
| qubitnano | Just need to backport 8.4 to 24.05 and drop unifi7, right? | 16:25:41 |
| hexa | "just" π | 16:26:43 |
| hexa | talk to the maintainers globin patryk4815 | 16:27:13 |
| 9 Sep 2024 |
|  @david:matrix.galvanix.com left the room. | 17:54:26 |
| hexa | https://github.com/NixOS/nixpkgs/pull/340852 | 19:55:45 |
|  @vengmark2:matrix.org joined the room. | 20:39:55 |
| @vengmark2:matrix.org left the room. | 20:40:51 |
 ma27 | backport for that: https://github.com/NixOS/nixpkgs/pull/340868
prepared a small advisory, will publish when these hit the channels. | 21:17:45 |
| 10 Sep 2024 |
| hexa | https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910 | 18:36:19 |
| 11 Sep 2024 |
| hexa | https://curl.se/docs/CVE-2024-8096.html | 12:35:28 |
| hexa | * https://curl.se/docs/CVE-2024-8096.html curl w/ gnutls | 12:35:50 |
 K900 | Steam no longer affected :P | 12:36:18 |
|  nyanbinary left the room. | 15:29:00 |
| 13 Sep 2024 |
|  tlaurion aka Insurgo [ Timezone: ET ] changed their display name from tlaurion aka Insurgo [UTC-4] (expect delays in answers) to tlaurion aka Insurgo [UTC-4] (expect long delays in answers). | 03:45:37 |
 cafkafk | is this known https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/, can't find any pr/issue on it, and as far as I can tell gitlab and gitlab-ee is affected | 05:39:49 |
| cafkafk | * is this known https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/, can't find any pr/issue on it, and as far as I can tell gitlab and gitlab-ee is affected (nvm, found https://github.com/NixOS/nixpkgs/pull/341398, I'm just blind) | 06:01:10 |
 aidalgol | In reply to @k900:0upti.me
Steam no longer affected :P Because of the recent PR that removed a ton of optional dependencies, or something else? | 20:06:56 |
| K900 | In reply to @aidalgol:matrix.org
Because of the recent PR that removed a ton of optional dependencies, or something else? Because of another recent PR replacing curlWithGnuTls with just curl | 20:21:53 |
| 14 Sep 2024 |
|  SomeoneSerge (back on matrix) changed their display name from SomeoneSerge (nix.camp) to SomeoneSerge (utc+3). | 11:38:19 |
| tlaurion aka Insurgo [ Timezone: ET ] changed their display name from tlaurion aka Insurgo [UTC-4] (expect long delays in answers) to tlaurion aka Insurgo [UTC-4] (π«πΊοΈπ¬: Back 2024-10-01)). | 19:38:51 |
