!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

713 Members
Coordination and triage of security issues in nixpkgs217 Servers

Load older messages

SenderMessageTime
4 Feb 2024
@jtojnar:matrix.orgJan Tojnar * UAF in libxml2 again: https://github.com/NixOS/nixpkgs/pull/28630014:52:36
@tgerbet:matrix.orgtgerbet
In reply to @vcunat:matrix.org
gnupg: some kind of 23.11 backport is needed?
https://github.com/NixOS/nixpkgs/pull/284778#issuecomment-1925757262
Cherry-picks done in https://github.com/NixOS/nixpkgs/pull/286302 		14:53:55
@raboof:matrix.orgraboof changed their display name from raboof @FOSDEM to raboof.17:41:47
@hexa:lossy.networkhexahttps://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.518:05:29
@hexa:lossy.networkhexa cc Jan Tojnar 18:05:46
@tgerbet:matrix.orgtgerbethttps://github.com/NixOS/nixpkgs/pull/28630018:06:18
@hexa:lossy.networkhexaok, failed to find it via github search18:06:53
5 Feb 2024
@puck:puck.moepuck joined the room.12:48:55
@adam:robins.wtf@adam:robins.wtf adding in:title can be helpful, if you're not already using that 14:34:16
@ThorHop:matrix.org@ThorHop:matrix.org removed their profile picture.22:45:55
@ThorHop:matrix.org@ThorHop:matrix.org removed their display name IdeallyYes.22:46:41
@ThorHop:matrix.org@ThorHop:matrix.org left the room.22:47:12
@hexa:lossy.networkhexa https://webkitgtk.org/security/WSA-2024-0001.html Jan Tojnar 23:59:26
7 Feb 2024
@hexa:lossy.networkhexahttps://github.com/python/cpython/issues/11365917:39:34
@hexa:lossy.networkhexa * https://github.com/python/cpython/issues/113659 doing the bumps17:39:55
@hexa:lossy.networkhexa

New releases of 3.8, 3.9 and 3.10 containing the same fix are expected next week.

17:47:34
@hexa:lossy.networkhexahttps://github.com/libexpat/libexpat/blob/R_2_6_0/expat/Changes17:53:58
@hexa:lossy.networkhexaregresses the python3 test suite, I'm following https://github.com/python/cpython/issues/11513317:54:18
8 Feb 2024
@drewskiwooskie:matrix.org@drewskiwooskie:matrix.org joined the room.03:16:46
@symys:dailyaslbot.twilightparadox.comsymys joined the room.07:21:42
@vcunat:matrix.orgvcunatSomeone who knows gnupg might comment on whether update is the right way (or some attempt to backport patches instead): https://github.com/NixOS/nixpkgs/pull/28630212:09:41
@k900:0upti.meK900https://blog.clamav.net/2023/11/clamav-130-122-105-released.html12:42:37
@k900:0upti.meK900Critical ClamAV vuln (ignore date in URL, was not published because of embargo)12:42:54
@k900:0upti.meK900 @globin 12:43:20
@hexa:lossy.networkhexa

https://www.openwall.com/lists/oss-security/2024/02/08/3
https://www.openwall.com/lists/oss-security/2024/02/08/4

adamcstephens 🐝 maybe?

20:31:37
@hexa:lossy.networkhexahttps://www.openwall.com/lists/oss-security/2024/02/08/2 marsam20:32:13
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/28722620:32:36
10 Feb 2024
@hexa:lossy.networkhexa https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf raitobezarius 04:11:16
@hexa:lossy.networkhexa * https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf raitobezarius9.9/10 🚨 04:11:36
@chn2guevara:matrix.orgsomeone-stole-my-name joined the room.09:54:20

Show newer messages

Back to Room ListRoom Version: 6