| 23 Jan 2024 |
|  @2xsaiko:tchncs.de changed their display name from Marco to 2xsaiko. | 18:17:35 |
 @mtheil:scs.ems.host | OpenSSL will release new versions on 2024-01-30. | 19:34:25 |
| @mtheil:scs.ems.host | I think there are no news on the website until now. I subscribed to some public OpenSSL mailing lists. | 19:51:59 |
| @mtheil:scs.ems.host | * I think there are no news on the website until now. I’m subscribed to some public OpenSSL mailing lists. | 19:52:15 |
 felschr | https://github.com/NixOS/nixpkgs/pull/283289 | 22:07:51 |
| 24 Jan 2024 |
 vcunat | In reply to @mtheil:scs.ems.host
OpenSSL will release new versions on 2024-01-30. That's just for those low-severity issues announced previously? | 09:55:48 |
| @mtheil:scs.ems.host | Probably. The mail was just:
The OpenSSL project team would like to announce the upcoming release of
OpenSSL versions 3.2.1, 3.1.5 and 3.0.13.
We will be also releasing extended support OpenSSL versions 1.0.2zj and
1.1.1x which will be available to premium support customers.
These releases will be made available on Tuesday 30th January 2024
between 1300-1700 UTC.
These are security-fix releases. The highest severity issue fixed in
each of these releases is Low:
https://www.openssl.org/policies/secpolicy.html
Yours
The OpenSSL Project Team
| 10:03:15 |
| vcunat | OK. OpenSSL marking all "Low" implies that it won't be urgent, I think. | 10:06:37 |
| @mtheil:scs.ems.host | I'll open a PR timely after release, but it probably is not urgent. | 10:10:59 |
 AkechiShiro | Hi, should security fixes be backported usually on the stable release ?
Asking for https://github.com/NixOS/nixpkgs/pull/283179 related to https://nitter.net/_msw_/status/1749999077100855638#m | 12:35:54 |
| AkechiShiro | * Hi, should security fixes be backported usually on the stable release ? (I'd guess yes as long as it is not a major version change?)
Asking for https://github.com/NixOS/nixpkgs/pull/283179 related to https://nitter.net/_msw_/status/1749999077100855638#m | 12:37:49 |
 hexa | we could get away with just bumping minizip | 12:43:49 |
| hexa | but oh well, let me set up the backport | 12:50:36 |
 tgerbet | The minizip issue with the scary CVSS score was handled in https://github.com/NixOS/nixpkgs/pull/262722 | 16:42:53 |
|  octodi set a profile picture. | 19:06:44 |
| felschr | https://github.com/NixOS/nixpkgs/pull/283544 | 21:42:32 |
| 25 Jan 2024 |
| felschr | * https://github.com/NixOS/nixpkgs/pull/283544 (all checks have passed now) | 01:47:11 |
 leona | https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/ again… | 22:54:34 |
 yaya | https://github.com/NixOS/nixpkgs/pull/283888 | 23:54:49 |
| 26 Jan 2024 |
| hexa | https://github.com/rhboot/shim/commit/0226b56513b2b8bd5fd281bce77c40c9bf07c66d | 02:31:53 |
| hexa | cc raitobezarius | 02:32:17 |
 raitobezarius | cc @baloo Linux Hackerman: ^ | 02:33:12 |
| hexa | enobaloo | 02:33:20 |
 @linus:schreibt.jetzt | oh no I didn't want to know that shim has HTTP 🤦 | 11:08:20 |
| @linus:schreibt.jetzt | In reply to @hexa:lossy.network
https://github.com/rhboot/shim/commit/0226b56513b2b8bd5fd281bce77c40c9bf07c66d https://github.com/NixOS/nixpkgs/pull/283471 | 12:19:01 |
| 27 Jan 2024 |
|  @metanoic:matrix.org joined the room. | 13:31:42 |
|  @dooy:matrix.org changed their display name from Dooygoy to stablejoy. | 13:37:43 |
| 28 Jan 2024 |
|  nf changed their profile picture. | 14:04:04 |
|  @kudzu:envs.net joined the room. | 20:37:07 |
| 29 Jan 2024 |
 Sandro | https://github.com/NixOS/nixpkgs/pull/284771
I think https://github.com/paperless-ngx/paperless-ngx/issues/5502 applies only applies to custom configuration but it is an authentication bypass for a very sensitive system. | 13:42:19 |
