!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

725 Members
Coordination and triage of security issues in nixpkgs
220 Servers


Sender | Message | Time
15 Oct 2023
@k900:0upti.me K900 | https://exim.org/static/doc/security/CVE-2023-zdi.txt | 20:35:06
@k900:0upti.me K900 | Five billion CVEs in exim | 20:35:12
@hexa:lossy.network hexa | ajs124: | 20:40:26
@hexa:lossy.network hexa | pretty sure these aren't new | 20:40:40
@k900:0upti.me K900 | Some aren't | 20:41:51
@k900:0upti.me K900 | But there's some bonus new ones | 20:41:54
@ajs124:ajs124.de ajs124
In reply to @hexa:lossy.network
pretty sure these aren't new
they aren't, but the fixes are new https://github.com/NixOS/nixpkgs/pull/261279
21:07:31
17 Oct 2023
@camocatx:matrix.org | camocatx joined the room. | 21:51:51
18 Oct 2023
@sptz:matrix.org | @sptz:matrix.org joined the room. | 06:01:15
@mtheil:scs.ems.host @mtheil:scs.ems.host
The OpenSSL project team would like to announce the upcoming release of
OpenSSL versions 3.1.4 and 3.0.12.

These releases will be made available on Tuesday 24th October 2023
between 1300-1700 UTC.

These are security-fix releases. The highest severity issue fixed in
each of these two releases is Moderate:
11:46:16
@ghishadow:matrix.org | ghishadow changed their profile picture. | 12:52:11
19 Oct 2023
@delroth:delroth.net delroth | Apache 2.4.58: https://downloads.apache.org/httpd/CHANGES_2.4.58 (CVE-2023-45802, CVE-2023-43622, CVE-2023-31122) | 14:35:04
@delroth:delroth.net delroth | * Apache 2.4.58: https://downloads.apache.org/httpd/CHANGES_2.4.58 (CVE-2023-45802, CVE-2023-43622, CVE-2023-31122) https://github.com/NixOS/nixpkgs/pull/262075 | 14:35:44
20 Oct 2023
@lt1379:matrix.org Lun | Recent zlib CVE, don't know if this needs patched quickly https://nvd.nist.gov/vuln/detail/CVE-2023-45853 https://github.com/madler/zlib/pull/843 | 00:13:19
@ninjatrappeur:alternativebit.fr | @ninjatrappeur:alternativebit.fr changed their display name from NinjaTrappeur to PicNoir (was Ninjatrappeur). | 10:33:36
@julian:nekover.se | @julian:nekover.se changed their display name from Julian to miau. | 15:05:16
@julian:nekover.se | @julian:nekover.se changed their display name from miau to Julian. | 15:07:31
21 Oct 2023
@pederbs:pvv.ntnu.no | pbsds joined the room. | 10:17:11
@rwx-rwx-rwx:matrix.org | Mikael Fangel changed their display name from rwx-rwx-rwx to Mikael Fangel. | 17:15:39
@rwx-rwx-rwx:matrix.org | Mikael Fangel set a profile picture. | 17:22:09
22 Oct 2023
@tgerbet:matrix.org tgerbet
In reply to @lt1379:matrix.org
Recent zlib CVE, don't know if this needs patched quickly
https://nvd.nist.gov/vuln/detail/CVE-2023-45853 https://github.com/madler/zlib/pull/843

It only impacts minizip and not zlib itself

https://github.com/NixOS/nixpkgs/pull/262722

11:19:25
@globin:toznenetl.chat | globin joined the room. | 20:01:57
23 Oct 2023
@ss:someonex.net | SomeoneSerge (matrix works sometimes) changed their display name from Someone (UTC+3) to SomeoneSerge (UTC+1). | 09:09:21
@robin.gloster:matrix.mayflower.de | globin left the room. | 09:49:04
@globin:toznenetl.chat | globin set a profile picture. | 14:27:40
24 Oct 2023
@hexa:lossy.network hexa | working on openssl | 14:03:43
@hexa:lossy.network hexa

Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)

14:07:36
@hexa:lossy.network hexa | https://github.com/openssl/openssl/blob/openssl-3.0.12/NEWS.md#major-changes-between-openssl-3011-and-openssl-3012-24-oct-2023 | 14:07:41
@k900:0upti.me K900 | That doesn't look too bad at least | 14:08:04
@hexa:lossy.network hexa | https://github.com/NixOS/nixpkgs/pull/263150 | 14:14:26


Room Version: 6