| 30 Jan 2024 |
 vcunat | One of these might be a low-rebuild change, but I suppose there's no hurry to get the changes anyway? | 15:43:08 |
 ajs124 | 3.2 should be low rebuild | 15:45:19 |
 @mtheil:scs.ems.host | For 23.11: https://github.com/NixOS/nixpkgs/pull/285027 | 16:07:53 |
 delroth | https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt | 18:35:50 |
| delroth | switching the wrappers to musl was a very good idea | 18:36:06 |
 @aloisw:kde.org | In reply to @delroth:delroth.net
switching the wrappers to musl was a very good idea The wrappers do not call syslog. | 18:53:01 |
| delroth | this was a general statement on glibc, not on this particular vuln :) | 18:54:37 |
 tgerbet | In reply to @delroth:delroth.net
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt https://github.com/NixOS/nixpkgs/pull/285050 | 18:57:59 |
| delroth | we can move followup discussion to the discuss channel, I think we do need to remediate that last glibc vuln because wrappers forward all of argv (including argv[0]) to the wrapped program | 18:58:10 |
| 31 Jan 2024 |
|  @federicodschonborn:matrix.org changed their profile picture. | 03:36:03 |
| @federicodschonborn:matrix.org changed their profile picture. | 06:21:40 |
|  DerivationDingus joined the room. | 09:35:10 |
|  @yuka:yuka.dev joined the room. | 13:19:37 |
| delroth | https://curl.se/docs/CVE-2024-0853.html (low sev) | 13:37:20 |
 hexa | taking that | 14:08:31 |
|  shlevy joined the room. | 14:55:05 |
| hexa | https://github.com/NixOS/nixpkgs/pull/285295 | 15:19:05 |
| 1 Feb 2024 |
|  deightz joined the room. | 04:05:10 |
 ⛧-440729 [sophie raven] (it/its) | https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/
TL;DR multiple container escapes in docker. runc, buildkit and containerd need to be updated. I'm on it | 07:50:44 |
| ⛧-440729 [sophie raven] (it/its) | Well, was already done by the bot, though the first two of these aren't merged yet
https://github.com/NixOS/nixpkgs/pull/285438
https://github.com/NixOS/nixpkgs/pull/285407
https://github.com/NixOS/nixpkgs/pull/285418 | 07:54:17 |
 leona | I created some backport PRs to 23.11 (automatic wouldn't have worked):
https://github.com/NixOS/nixpkgs/pull/285507
https://github.com/NixOS/nixpkgs/pull/285508
https://github.com/NixOS/nixpkgs/pull/285510 | 09:34:13 |
|  ximnoise joined the room. | 09:53:02 |
| ximnoise set a profile picture. | 10:03:31 |
| delroth | https://mastodon.social/@MastodonEngineering/111856895554844910 the patches are out apparently | 15:22:11 |
| delroth | https://github.com/mastodon/mastodon/releases/tag/v4.2.5 presumably | 15:22:28 |
| delroth | and taken care of by https://github.com/NixOS/nixpkgs/pull/285558 | 15:22:45 |
|  schmittlauch (he/him) joined the room. | 16:55:14 |
|  @kudzu:envs.net left the room. | 17:45:38 |
| 2 Feb 2024 |
|  Specx joined the room. | 07:11:03 |
|  dan_nrw joined the room. | 09:52:50 |
