| 11 Dec 2024 |
 hexa | https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/ | 16:00:02 |
| hexa | xanderio, leona ^ | 16:01:05 |
| hexa | Redacted or Malformed Event | 16:01:47 |
| hexa | I'm too slow 🙂 | 16:01:49 |
 leona | In reply to @hexa:lossy.network
https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/ there are already two open PRs for that: https://github.com/NixOS/nixpkgs/pull/364213 https://github.com/NixOS/nixpkgs/pull/364219 (24.05 as 'hotter' fix) | 16:01:52 |
|  prusnak left the room. | 18:36:40 |
|  fernsehmuell (he/his) changed their display name from fernsehmuell to fernsehmuell (he/his) DECT: 3376 (fern). | 18:57:11 |
| 12 Dec 2024 |
 Niklas Korz | unless someone's already on it, I'd create two (or three) PRs today:
- unstable: move
matomo to 5.1.2 and alias matomo_5 to matomo (+ release notes)
- 24.11: add knownVulnerabilities to
matomo about EOL and recommend an upgrade to matomo_5 (+ release notes)
- same for 24.05 or should it be skipped because it's EOL in three weeks?
| 08:30:47 |
 tgerbet | Ideally same for 24.05 | 08:33:49 |
 Sandro | If we only would build packages with knowVulnerabilities then we wouldn't need to weigh usability and security against each other | 09:50:42 |
| Niklas Korz | as someone relying on a handful of libolm based services and applications, I tend to agree | 10:05:17 |
 Frank Lanitz | All software is full of unfixed, known issues ;) | 10:09:19 |
 syd installs gentoo (they/them) | Reminder there is also #security-discuss:nixos.org (though I can't join the channel for some reason) | 10:15:55 |
|  Ahurac left the room. | 10:16:08 |
|  ·☽•Nameless☆•777 · ± changed their profile picture. | 14:33:59 |
| Niklas Korz |
- unstable: https://github.com/NixOS/nixpkgs/pull/364627
- 24.11: https://github.com/NixOS/nixpkgs/pull/364633
- 24.05: https://github.com/NixOS/nixpkgs/pull/364642
| 16:17:22 |
|  @metanoic:matrix.org left the room. | 19:06:45 |
| 15 Dec 2024 |
|  The Photonsphere joined the room. | 08:24:36 |
| 16 Dec 2024 |
|  @ksonj:matrix.org left the room. | 14:59:37 |
| 17 Dec 2024 |
 SigmaSquadron | Hi all. Today, the Xen Project has publicly released CVE-2024-53240 (Xen Security Advisory #465) and CVE-2024-53241 (Xen Security Advisory #466).
We are not affected by the latter: It's a Linux guest issue regarding ret speculations. The Xen patch is just documentation, not hypervisor code. The Linux patches for #466, to the best of my knowledge, are unnecessary, as our kernels are not built with CONFIG_RETHUNK enabled, which mitigates this vulnerability.
We are, however, affected by the former vulnerability (#455) — a hypervisor crash caused by a malicious Linux 6.1+ guest who is allowed to suspend and resume. The issue lies in Xen's Linux guest drivers, not with the hypervisor itself. It's a single patch to drivers/net/xen-netfront.c. Can we get this patched in our kernels? (I know nothing about nixpkgs' kernel infrastructure. Do I just add a patch here?)
| 12:26:40 |
|  tlaurion aka Insurgo [UTC-4] changed their display name from tlaurion aka Insurgo [UTC-4] to tlaurion aka Insurgo [UTC-4] - last crush before holidays!. | 19:19:38 |
| 18 Dec 2024 |
| hexa | https://github.com/FiloSottile/age/releases/tag/v1.2.1 | 15:35:48 |
| hexa | https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c | 15:35:52 |
 adamcstephens | https://github.com/NixOS/nixpkgs/pull/366207 | 16:07:28 |
|  @dmiskovic:matrix.org joined the room. | 19:37:45 |
| 19 Dec 2024 |
| hexa | Redacted or Malformed Event | 15:54:23 |
| hexa | https://www.openwall.com/lists/oss-security/2024/12/19/1 sssd illustris | 15:56:07 |
| hexa | misskey
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-675w-hf2m-qwmj
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-5q3h-wpfw-hjjw
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-m2gq-69fp-6hv4
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-7vgr-p3vc-p4h2
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-5h8r-gq97-xv69
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-gq5q-c77c-v236
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-5q3h-wpfw-hjjw
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-675w-hf2m-qwmj
| 15:57:55 |
| hexa | * misskey needs update to 2024.11.0-alpha.3 (sigh)
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-675w-hf2m-qwmj
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-5q3h-wpfw-hjjw
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-m2gq-69fp-6hv4
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-7vgr-p3vc-p4h2
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-5h8r-gq97-xv69
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-gq5q-c77c-v236
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-5q3h-wpfw-hjjw
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-675w-hf2m-qwmj
| 15:58:27 |
| hexa | * misskey needs update to 2024.11.0
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-675w-hf2m-qwmj
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-5q3h-wpfw-hjjw
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-m2gq-69fp-6hv4
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-7vgr-p3vc-p4h2
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-5h8r-gq97-xv69
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-gq5q-c77c-v236
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-5q3h-wpfw-hjjw
- https://github.com/misskey-dev/misskey/security/advisories/GHSA-675w-hf2m-qwmj
| 15:58:58 |
