| 24 Jan 2024 |
 AkechiShiro | * Hi, should security fixes be backported usually on the stable release ? (I'd guess yes as long as it is not a major version change?)
Asking for https://github.com/NixOS/nixpkgs/pull/283179 related to https://nitter.net/_msw_/status/1749999077100855638#m | 12:37:49 |
 hexa | we could get away with just bumping minizip | 12:43:49 |
| hexa | but oh well, let me set up the backport | 12:50:36 |
 tgerbet | The minizip issue with the scary CVSS score was handled in https://github.com/NixOS/nixpkgs/pull/262722 | 16:42:53 |
|  octodi set a profile picture. | 19:06:44 |
 felschr | https://github.com/NixOS/nixpkgs/pull/283544 | 21:42:32 |
| 25 Jan 2024 |
| felschr | * https://github.com/NixOS/nixpkgs/pull/283544 (all checks have passed now) | 01:47:11 |
 leona | https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/ againā¦ | 22:54:34 |
 yaya | https://github.com/NixOS/nixpkgs/pull/283888 | 23:54:49 |
| 26 Jan 2024 |
| hexa | https://github.com/rhboot/shim/commit/0226b56513b2b8bd5fd281bce77c40c9bf07c66d | 02:31:53 |
| hexa | cc raitobezarius | 02:32:17 |
 raitobezarius | cc @baloo Linux Hackerman: ^ | 02:33:12 |
| hexa | enobaloo | 02:33:20 |
 @linus:schreibt.jetzt | oh no I didn't want to know that shim has HTTP š¤¦ | 11:08:20 |
| @linus:schreibt.jetzt | In reply to @hexa:lossy.network
https://github.com/rhboot/shim/commit/0226b56513b2b8bd5fd281bce77c40c9bf07c66d https://github.com/NixOS/nixpkgs/pull/283471 | 12:19:01 |
| 27 Jan 2024 |
|  @metanoic:matrix.org joined the room. | 13:31:42 |
|  @dooy:matrix.org changed their display name from Dooygoy to stablejoy. | 13:37:43 |
| 28 Jan 2024 |
|  nf changed their profile picture. | 14:04:04 |
|  @kudzu:envs.net joined the room. | 20:37:07 |
| 29 Jan 2024 |
 Sandro | https://github.com/NixOS/nixpkgs/pull/284771
I think https://github.com/paperless-ngx/paperless-ngx/issues/5502 applies only applies to custom configuration but it is an authentication bypass for a very sensitive system. | 13:42:19 |
| Sandro |
We are planning to release critical security patches for versions 3.5, 4.1, 4.2 and nightly this Thursday, Feb 01, at 15:00 UTC. We encourage server administrators to plan for a timely upgrade to ensure their Mastodon server is protected.
https://c3d2.social/@MastodonEngineering@mastodon.social/111839555900486563
| 13:52:17 |
|  @xfix:matrix.org left the room. | 14:52:41 |
|  @flandweber:envs.net joined the room. | 15:01:57 |
|  jarrrkob joined the room. | 15:18:04 |
| @flandweber:envs.net changed their display name from flandweber to Finn Landweber. | 18:20:08 |
| 30 Jan 2024 |
|  Hugo Ribeiro joined the room. | 02:22:47 |
| hexa | Markus Theil: openssl updates are live | 14:24:45 |
 @mtheil:scs.ems.host | thx, PR follows soon. | 14:26:12 |
| @mtheil:scs.ems.host | https://github.com/NixOS/nixpkgs/pull/285019 | 15:31:51 |
| @mtheil:scs.ems.host | As the severity of the fixed issues is low, I'm waiting for a list of fixed things to appear on openssl.org | 15:32:33 |
