!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

713 Members
Coordination and triage of security issues in nixpkgs
220 Servers


Sender Message Time
19 Oct 2023
@delroth:delroth.net delroth: * Apache 2.4.58: https://downloads.apache.org/httpd/CHANGES_2.4.58 (CVE-2023-45802, CVE-2023-43622, CVE-2023-31122) https://github.com/NixOS/nixpkgs/pull/262075 14:35:44
20 Oct 2023
@lt1379:matrix.org Lun: Recent zlib CVE, don't know if this needs patched quickly https://nvd.nist.gov/vuln/detail/CVE-2023-45853 https://github.com/madler/zlib/pull/843 00:13:19
@ninjatrappeur:alternativebit.fr @ninjatrappeur:alternativebit.fr changed their display name from NinjaTrappeur to PicNoir (was Ninjatrappeur). 10:33:36
@julian:nekover.se @julian:nekover.se changed their display name from Julian to miau. 15:05:16
@julian:nekover.se @julian:nekover.se changed their display name from miau to Julian. 15:07:31
21 Oct 2023
@pederbs:pvv.ntnu.no pbsds joined the room. 10:17:11
@rwx-rwx-rwx:matrix.org Mikael Fangel changed their display name from rwx-rwx-rwx to Mikael Fangel. 17:15:39
@rwx-rwx-rwx:matrix.org Mikael Fangel set a profile picture. 17:22:09
22 Oct 2023
@tgerbet:matrix.org tgerbet:
In reply to @lt1379:matrix.org
Recent zlib CVE, don't know if this needs patched quickly
https://nvd.nist.gov/vuln/detail/CVE-2023-45853 https://github.com/madler/zlib/pull/843

It only impacts minizip and not zlib itself

https://github.com/NixOS/nixpkgs/pull/262722

11:19:25
@globin:toznenetl.chat globin joined the room. 20:01:57
23 Oct 2023
@ss:someonex.net SomeoneSerge (matrix works sometimes) changed their display name from Someone (UTC+3) to SomeoneSerge (UTC+1). 09:09:21
@robin.gloster:matrix.mayflower.de globin left the room. 09:49:04
@globin:toznenetl.chat globin set a profile picture. 14:27:40
24 Oct 2023
@hexa:lossy.network hexa: working on openssl 14:03:43
@hexa:lossy.network hexa:

Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)

14:07:36
@hexa:lossy.network hexa: https://github.com/openssl/openssl/blob/openssl-3.0.12/NEWS.md#major-changes-between-openssl-3011-and-openssl-3012-24-oct-2023 14:07:41
@k900:0upti.me K900: That doesn't look too bad at least 14:08:04
@hexa:lossy.network hexa: https://github.com/NixOS/nixpkgs/pull/263150 14:14:26
@hexa:lossy.network hexa:

Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length (CVE-2023-5363).

14:20:20
@hexa:lossy.network hexa: now with more words! 14:20:24
@mtheil:scs.ems.host @mtheil:scs.ems.host: hexa: Do you also open a PR for 23.05 or can I? 14:43:56
@hexa:lossy.network hexa: hrm, backport action won't do it, because of openssl_3_1 14:44:53
@mtheil:scs.ems.host @mtheil:scs.ems.host: yep 14:44:58

Room Version: 6