!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

705 Members
Coordination and triage of security issues in nixpkgs217 Servers

Load older messages

SenderMessageTime
3 Dec 2023
@er10:matrix.org@er10:matrix.org joined the room.00:05:00
@ThorHop:matrix.org@ThorHop:matrix.org changed their display name from hopland (valorent vicky) to hopland (meticulous montesquieu).14:08:43
* @r_i_s:matrix.orgris_ returns to the idea of having something like a meta.knownVendoredIn attribute that lists packages we know vendor copies of this package, to make our lives easier when patching vulnerabilities 15:07:36
@cf11:0x2c.org@cf11:0x2c.org joined the room.15:10:32
@r_i_s:matrix.orgris_(wrong channel)15:15:51
@eryngion:matrix.orgeryngion joined the room.21:24:21
@eryngion:matrix.orgeryngion FYI: I see a bunch of relatively fresh CVE patches in https://github.com/meta-qt5/meta-qt5/tree/master/recipes-qt/qt5/qtbase that we don't have. 21:42:23
@k900:0upti.meK900We should have those21:43:02
@k900:0upti.meK900Because we are tracking KDE's patchset and not upstream Qt21:43:09
@k900:0upti.meK900So you need to be looking at https://invent.kde.org/qt/qt/qtbase/-/commits/kde/5.15/21:43:27
@k900:0upti.meK900As far as I can tell all the patches OE has we also have21:48:21
@k900:0upti.meK900At least the ones marked as CVE21:48:59
@eryngion:matrix.orgeryngion Yeah, somebody may have forgotten to refresh his local qtbase repo in moths and should go sleep :) 21:52:30
5 Dec 2023
@federicodschonborn:matrix.org@federicodschonborn:matrix.org changed their profile picture.00:38:37
@hexa:lossy.networkhexa https://webkitgtk.org/security/WSA-2023-0011.html Jan Tojnar et al 🙂 21:30:38
@hexa:lossy.networkhexa https://www.openwall.com/lists/oss-security/2023/12/05/2 Mic92 qbit 21:44:19
@qbit:tapenet.org@qbit:tapenet.orgmmm21:50:59
@joerg:thalheim.ioMic92 hexa: Done. 21:51:00
@joerg:thalheim.ioMic92Should I put this in staging-next?21:51:08
@hexa:lossy.networkhexa ask in #staging:nixos.org 21:52:14
@hexa:lossy.networkhexaI think it would be fine21:52:20
@joerg:thalheim.ioMic92
In reply to @hexa:lossy.network
https://www.openwall.com/lists/oss-security/2023/12/05/2 Mic92 qbit
https://github.com/NixOS/nixpkgs/pull/272362/files 		21:57:10
6 Dec 2023
@hbakardzhiev:matrix.orgHristo Bakardzhiev joined the room.09:18:16
@stick:matrix.orgstick changed their profile picture.11:25:11
7 Dec 2023
@leona:leona.isleonahttps://github.com/NixOS/nixpkgs/pull/27267212:49:03
@k900:0upti.meK900Wew12:50:27
@igalshilman:matrix.org@igalshilman:matrix.org joined the room.19:00:33
8 Dec 2023
@unnz43yn:matrix.orgunnz43yn joined the room.17:21:04
@tim:stratum0.orgdadada (er/ihm) removed their profile picture.19:18:57
@hexa:lossy.networkhexahttps://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f21:45:32

Show newer messages

Back to Room ListRoom Version: 6