| 20 Aug 2024 |
|  ⛧-440729 [sophie raven] (it/its) changed their display name from sophie to ⛧-440729 [sophie] (it/its). | 20:59:39 |
| 22 Aug 2024 |
|  Jared Baur set a profile picture. | 02:07:15 |
 Jassuko | Previously semi-concerning FFmpeg CVEs seem to now have POC RCE published. Probably worth bumping the versions to the safe side rather soon.
https://securityonline.info/cve-2024-7272-critical-heap-overflow-vulnerability-discovered-in-ffmpeg-poc-published/
CVE-2024-7272: Critical Heap Overflow Vulnerability Discovered in FFmpeg, PoC Published | 13:08:28 |
 hexa | emily maybe? | 13:09:29 |
 emily | I think we have all the versions up to date | 13:36:10 |
| emily | at least in staging 🫠 | 13:36:14 |
| emily | I'll check… | 13:36:24 |
| emily | urgh this blogspam, where's the actual upstream announcement | 13:37:10 |
| emily | okay so FFmpeg 4 is actually known vulnerable now?? | 13:37:30 |
| Jassuko | Sorry, didn't find proper announcement, just the new releases on the release page: https://ffmpeg.org/download.html#releases | 13:38:59 |
| emily | ok, so https://github.com/NixOS/nixpkgs/pull/333021 is waiting for staging | 13:41:20 |
| emily | we're on the latest 4 but the CVE says "A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5" | 13:41:31 |
| emily | so there's no patch for 4? | 13:41:49 |
| emily | let's see if we can backport the commit. anyway, taking this to #security-discuss:nixos.org I guess | 13:42:09 |
|  nyanbinary 🏳️⚧️ left the room. | 17:19:37 |
 tgerbet | networkException: https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html | 20:53:38 |
| hexa | networkException, emily | 20:55:46 |
| hexa | bah, too slow | 20:56:00 |
| hexa | excuse me | 20:56:07 |
