| 11 Oct 2023 |
 ⛧-440729 [sophie raven] (it/its) | * PR for staging-23.05: https://github.com/NixOS/nixpkgs/pull/260381 | 06:50:19 |
 vcunat | Hmm, that's annoying. It seems really hard to resolve autoconf issues without reimporting nixpkgs.
I tested the patch by using autoreconfHook from a different nixpkgs version. With that the build passes with the backported patch. | 07:44:38 |
| vcunat | I don't know, I'll probably give it up for the current staging-next-23.05. In case someone wants to experiment, you can get prototype patch for nghttp2 (version without touching generated stuff): https://github.com/vcunat/nghttp2/pull/new/p/backport-cve-2023-44487 | 10:21:12 |
|  @dexternemrod:matrix.org left the room. | 17:47:38 |
|  @xfix:matrix.org changed their display name from xfix to xfix (she/her). | 18:19:58 |
|  ·☽•Nameless☆•777 · ± changed their profile picture. | 19:34:58 |
|  幸猫 (𝗍𝗁𝖾𝗒/𝗍𝗁𝖾𝗆) changed their display name from FC (they/them) to Fay (she/her). | 20:54:19 |
| 12 Oct 2023 |
| ⛧-440729 [sophie raven] (it/its) | Can someone please review and merge the PR for curl 8.4.0? https://github.com/NixOS/nixpkgs/pull/260378 | 06:42:30 |
|  ajs124 changed their profile picture. | 21:42:48 |
| 13 Oct 2023 |
 AkechiShiro | Redacted or Malformed Event | 15:21:14 |
| AkechiShiro | Here is an oss-security mail that has a lot of advisory compiled in : https://www.openwall.com/lists/oss-security/2023/10/10/6 | 15:22:24 |
| AkechiShiro | * Here is an oss-security mail that has a lot of advisory compiled in (so we have a better idea which software needs an update or not) : https://www.openwall.com/lists/oss-security/2023/10/10/6 | 15:22:41 |
| AkechiShiro | I see even more links here : https://www.cve.org/CVERecord?id=CVE-2023-44487
But some are not strictly about open source software, might also be of help | 16:09:38 |
| 14 Oct 2023 |
|  leifb joined the room. | 09:22:09 |
| 15 Oct 2023 |
|  meet changed their display name from meet to meetm. | 07:05:59 |
|  Pratham Patel changed their display name from Pratham Patel to Pratham Patel (you can mention me). | 07:24:16 |
 K900 | https://exim.org/static/doc/security/CVE-2023-zdi.txt | 20:35:06 |
| K900 | Five billion CVEs in exim | 20:35:12 |
 hexa | ajs124: | 20:40:26 |
| hexa | pretty sure these aren't new | 20:40:40 |
| K900 | Some aren't | 20:41:51 |
| K900 | But there's some bonus new ones | 20:41:54 |
| ajs124 | In reply to @hexa:lossy.network
pretty sure these aren't new they aren't, but the fixes are new https://github.com/NixOS/nixpkgs/pull/261279 | 21:07:31 |
| 17 Oct 2023 |
|  camocatx joined the room. | 21:51:51 |
| 18 Oct 2023 |
|  @sptz:matrix.org joined the room. | 06:01:15 |
 @mtheil:scs.ems.host | The OpenSSL project team would like to announce the upcoming release of
OpenSSL versions 3.1.4 and 3.0.12.
These releases will be made available on Tuesday 24th October 2023
between 1300-1700 UTC.
These are security-fix releases. The highest severity issue fixed in
each of these two releases is Moderate:
| 11:46:16 |
|  ghishadow changed their profile picture. | 12:52:11 |
| 19 Oct 2023 |
 delroth | Apache 2.4.58: https://downloads.apache.org/httpd/CHANGES_2.4.58 (CVE-2023-45802, CVE-2023-43622, CVE-2023-31122) | 14:35:04 |
| delroth | * Apache 2.4.58: https://downloads.apache.org/httpd/CHANGES_2.4.58 (CVE-2023-45802, CVE-2023-43622, CVE-2023-31122)
https://github.com/NixOS/nixpkgs/pull/262075 | 14:35:44 |
| 20 Oct 2023 |
 Lun | Recent zlib CVE, don't know if this needs patched quickly
https://nvd.nist.gov/vuln/detail/CVE-2023-45853 https://github.com/madler/zlib/pull/843 | 00:13:19 |
