!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

680 Members
Coordination and triage of security issues in nixpkgs212 Servers

Load older messages

SenderMessageTime
6 Sep 2024
@hexa:lossy.networkhexa(pretty sure they are aware)17:01:10
@hexa:lossy.networkhexa * (pretty sure they are aware, but still)17:01:14
@emilazy:matrix.orgemily(wrong emily?)17:01:17
@emilazy:matrix.orgemily emily: 17:01:19
@hexa:lossy.networkhexaE_TOOMANYEMILIES17:01:32
@hexa:lossy.networkhexa * E_TOOMANYEMILYS 17:01:42
@networkexception:nwex.denetworkExceptionM_NOT_ENOUGH_EMILYS17:26:36
@adam:robins.wtfadamcstephensmerged21:26:16
7 Sep 2024
@hexa:lossy.networkhexahttps://seclists.org/tcpdump/2024/q3/303:30:00
@mtheil:scs.ems.hostMarkus TheilAfter fixing some build issues of systemd dependencies, the OpenSSL update is now ready for review from my side: https://github.com/NixOS/nixpkgs/pull/33961409:20:38
@mtheil:scs.ems.hostMarkus TheilOpenSSL increased the default security level from version line to version line: https://docs.openssl.org/1.1.1/man3/SSL_CTX_set_security_level/ With OpenSSL 3.2+ the default is 2.09:27:56
@mtheil:scs.ems.hostMarkus TheilShould we define this to a lower default or should users deal with it?09:28:19
@mtheil:scs.ems.hostMarkus Theil3.0.x used level 1.09:29:53
@emilazy:matrix.orgemily
In reply to @mtheil:scs.ems.host
Should we define this to a lower default or should users deal with it?
let's not opt in to worse security, users can deal with it unless it causes mass breakage 		10:44:16
@emilazy:matrix.orgemilynot even mail servers should be using SSL 3.0 or 1024-bit RSA10:45:25
@emilazy:matrix.orgemily(let's move this to the non triage room though?)10:46:53
@vincenttc:matrix.org@vincenttc:matrix.org left the room.16:19:37
@qubitnano:matrix.orgqubitnanohttps://community.ui.com/releases/Security-Advisory-Bulletin-042-042/c4f68b56-cdc4-4128-b2cb-5870209d170416:19:42
@qubitnano:matrix.orgqubitnanoJust need to backport 8.4 to 24.05 and drop unifi7, right?16:25:41
@hexa:lossy.networkhexa"just" 🙂 16:26:43
@hexa:lossy.networkhexa talk to the maintainers globin patryk4815 16:27:13
9 Sep 2024
@david:matrix.galvanix.com@david:matrix.galvanix.com left the room.17:54:26
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/34085219:55:45
@vengmark2:matrix.org@vengmark2:matrix.org joined the room.20:39:55
@vengmark2:matrix.org@vengmark2:matrix.org left the room.20:40:51
@ma27:nicht-so.sexyma27

backport for that: https://github.com/NixOS/nixpkgs/pull/340868

prepared a small advisory, will publish when these hit the channels.

21:17:45
10 Sep 2024
@hexa:lossy.networkhexahttps://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-2024091018:36:19
11 Sep 2024
@hexa:lossy.networkhexahttps://curl.se/docs/CVE-2024-8096.html12:35:28
@hexa:lossy.networkhexa * https://curl.se/docs/CVE-2024-8096.html curl w/ gnutls12:35:50
@k900:0upti.meK900Steam no longer affected :P12:36:18

Show newer messages

Back to Room ListRoom Version: 6