| 30 Jun 2024 |
|  tlaurion aka Insurgo [ Timezone: ET ] changed their display name from tlaurion aka Insurgo [UTC-4] to tlaurion aka Insurgo [UTC-4] (Canadian Dominion holiday, back July 2nd). | 17:28:30 |
| 1 Jul 2024 |
 ari ❄ | https://www.openssh.com/releasenotes.html | 08:35:55 |
 K900 | Oh no | 08:37:08 |
 emily | do openssh bumps go to master or staging? | 08:40:51 |
 Alyssa Ross | master | 08:41:12 |
| Alyssa Ross | e.g. https://github.com/NixOS/nixpkgs/pull/295133 | 08:41:22 |
| K900 | I can do a PR in like 30 | 08:41:50 |
| emily | I'm building already & can do the PR but I don't know if there's specific procedure around assigning an advisory or whatever | 08:41:50 |
| K900 | If no one snipes | 08:41:53 |
| K900 | In reply to @emilazy:matrix.org
I'm building already & can do the PR but I don't know if there's specific procedure around assigning an advisory or whatever No, just send it | 08:41:57 |
| K900 | And mention the CVE in the description | 08:42:04 |
| emily | alright, I'm on it | 08:42:17 |
| Alyssa Ross | Is there even a CVE? | 08:42:52 |
| emily | seems like there's not actually a CVE | 08:42:54 |
| Alyssa Ross | release notes don't mention one | 08:42:57 |
| emily | but I'll mention it | 08:42:57 |
| Alyssa Ross | ugh | 08:42:58 |
| emily | did they even give any prior notice of this? | 08:44:09 |
 tgerbet | No it looks like it was reported by Qualys, they likely will publish an advisory later today I guess | 08:44:47 |
| ari ❄ | gentoo patch mentions CVE-2024-6387 https://github.com/gentoo/gentoo/commit/083d7d12832b91073f5cac94df2ba067495857a7 | 08:45:41 |
| emily | https://github.com/NixOS/nixpkgs/pull/323753 | 08:45:45 |
| emily | In reply to @ar:is-a.cat
gentoo patch mentions CVE-2024-6387 https://github.com/gentoo/gentoo/commit/083d7d12832b91073f5cac94df2ba067495857a7 thanks, I'll add that | 08:45:55 |
| emily | can someone check the build on linux if ofborg doesn't get to it first? | 08:48:18 |
| Alyssa Ross | already on it | 08:48:23 |
| emily | don't have my VM up right now | 08:48:24 |
| Alyssa Ross | 23.11 is EOL as of yesterday btw | 08:48:25 |
| emily | I figured we might as well throw people a bone when it's a root RCE | 08:48:43 |
| emily | I was considering backporting to 23.05, even | 08:48:47 |
| Alyssa Ross | yeah fair enough | 08:48:49 |
| Alyssa Ross | I've had RMs yell at me for backporting too far before, to avoid giving a false sense of security to users on ancient releases, so I wouldn't do 23.05. | 08:49:17 |
