!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

697 Members
Coordination and triage of security issues in nixpkgs216 Servers

Load older messages

SenderMessageTime
17 Apr 2024
@k900:0upti.meK900 17:21:55
@hexa:lossy.networkhexa https://www.openwall.com/lists/oss-security/2024/04/17/9 ma27 22:53:09
18 Apr 2024
@dmorab:matrix.orgdmorab joined the room.16:53:21
@smorci:matrix.orgsmorci joined the room.19:52:56
@smorci:matrix.orgsmorci changed their display name from Szekely Marton to smorci.19:54:16
@smorci:matrix.orgsmorci set a profile picture.19:54:50
@sugi:matrix.besaid.desugihttps://forgejo.org/2024-04-release-v1-21-11-0/ <- forgejo security update to 1.21.1120:45:39
@hexa:lossy.networkhexa emily: 21:07:16
@hexa:lossy.networkhexa * cc emily: 21:07:21
19 Apr 2024
@mjm:midna.devmjm changed their profile picture.19:17:27
20 Apr 2024
@cafkafk:gitter.imcafkafk changed their profile picture.13:17:14
21 Apr 2024
@r_i_s:matrix.orgris_ what are we doing about hashicorp vault in stable now? CVE-2024-2660 indicates we should upgrade stable to 1.14.11, but the only 1.14.11 tag on github is v1.14.11+ent, which appears to be BSL 18:59:50
@magic_rb:matrix.redalder.orgmagic_rbwe have to either not upgrade and mark as broken or change license, not really anything else we can do (hashicorp never ceases to disappoint)19:00:58
@magic_rb:matrix.redalder.orgmagic_rb * we have to either not upgrade and mark as insecure or change license, not really anything else we can do (hashicorp never ceases to disappoint)19:01:14
@r_i_s:matrix.orgris_sure.. but which?19:48:09
@magic_rb:matrix.redalder.orgmagic_rbWe change the license and introduce a warning saying it changed in case someone has allowUnfree but doesnt want to use nonfree vault. If we broke it people couldnt upgrade at all19:49:13
@magic_rb:matrix.redalder.orgmagic_rb * We change the license and introduce a warning saying it changed in case someone has allowUnfree but doesnt want to use nonfree vault. If we broke it people couldnt upgrade at all
Moving to #security-discuss:nixos.org 		19:49:52
22 Apr 2024
@sarosa:infosec.exchange@sarosa:infosec.exchange joined the room.14:03:35
23 Apr 2024
@teutat3s:pub.solarteutat3shttps://github.com/element-hq/synapse/releases/tag/v1.105.1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3120816:51:25
@teutat3s:pub.solarteutat3sDone in https://github.com/NixOS/nixpkgs/pull/30632617:04:44
24 Apr 2024
@stablejoy:matrix.org@stablejoy:matrix.org changed their profile picture.08:59:19
@hexa:lossy.networkhexahttps://www.openwall.com/lists/oss-security/2024/04/24/1 pdns-recursor11:35:58
@0x4a6f:matrix.org[0x4A6F]Not tested yet: https://github.com/NixOS/nixpkgs/pull/30654314:23:29
@joachim.ernst:helsinki-systems.deJoachim Ernst joined the room.14:24:48
@lourkeur:nixos.dev@lourkeur:nixos.dev left the room.14:26:49
25 Apr 2024
@tollb1:matrix.orgtollb1 joined the room.00:54:57
@delroth:delroth.netdelroth left the room.14:43:42
@ss:someonex.netSomeoneSerge (back on matrix) changed their display name from SomeoneSerge (void) to SomeoneSerge (UTC+1).23:02:29
26 Apr 2024
@mjolnir:nixos.orgNixOS Moderation Bot banned @timdeh:matrix.org@timdeh:matrix.org (<no reason supplied>).11:26:31
@stablejoy:matrix.org@stablejoy:matrix.org changed their profile picture.14:03:56

Show newer messages

Back to Room ListRoom Version: 6