!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

644 Members
Coordination and triage of security issues in nixpkgs
205 Servers



Sender | Message | Time
6 Dec 2024
@ahurac:chat.ahur.ac Ahurac | joined the room. | 12:30:28
@scrumplex:duckhub.io Scrumplex | high Python vulnerability 👀 https://www.cve.org/CVERecord?id=CVE-2024-12254 https://github.com/python/cpython/pull/127656 | 17:41:18
@scrumplex:duckhub.io Scrumplex | Relevant patch for 3.12: https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5 | 17:42:26
@hexa:lossy.network hexa | meh | 17:42:35
@scrumplex:duckhub.io Scrumplex | yeah not sure why this is over 8 | 17:42:43
@magic_rb:matrix.redalder.org magic_rb | (i was expecting worse) | 17:42:45
@scrumplex:duckhub.io Scrumplex | * yeah not sure why this has a score over 8 | 17:42:55
@magic_rb:matrix.redalder.org magic_rb | * (i was expecting worse, great SNR) | 17:43:04
@hexa:lossy.network hexa | bdraco++ | 17:43:15
@hexa:lossy.network hexa | https://github.com/NixOS/nixpkgs/pull/362523 | 18:13:05
@robert:funklause.de dotlambda | https://github.com/Kludex/python-multipart/security/advisories/GHSA-59g5-xgcq-4qw3 fixed in https://github.com/NixOS/nixpkgs/pull/362558 | 20:53:24
8 Dec 2024
@shawn8901:matrix.org shawn8901 | set a profile picture. | 19:21:34
9 Dec 2024
@tomodachi94:matrix.org Tomodachi94 (they/them) | https://matrix.to/#/#dev:nixos.org/$1QE9j5UPzFb-qL02MAvSbSzX-0UspFEc5FBEtqH8y8s | 23:33:10
@tomodachi94:matrix.org Tomodachi94 (they/them) | This Matomo update has a "high impact security fix" that came out more than two months ago: > https://github.com/NixOS/nixpkgs/pull/363621 | 23:33:27
@tomodachi94:matrix.org Tomodachi94 (they/them) | This Matomo update has a "high impact security fix" that came out more than two months ago: https://github.com/NixOS/nixpkgs/pull/363621 | 23:33:32
@tomodachi94:matrix.org Tomodachi94 (they/them) | (oh, nevermind, already merged) | 23:33:53
10 Dec 2024
@niklaskorz:korz.dev Niklas Korz | joined the room. | 19:28:21
@niklaskorz:korz.dev Niklas Korz | backport to 24.05 is still open: https://github.com/NixOS/nixpkgs/pull/363869 | 19:29:14
@hexa:lossy.network hexa | Niklas Korz: I browsed the matomo changelog and commit log a bit, but I didn't find anything on whether matomo 4.x is affected | 21:07:54
@hexa:lossy.network hexa | and since matomo defaults to 4.16.1 on nixos-24.05 we must know or else | 21:12:12
@hexa:lossy.network hexa | ugh, same for nixos-24.11? 🫠 | 21:12:43
@hexa:lossy.network hexa | 5.0 was released in 2023-12 — WHYYYYY | 21:13:44
@hexa:lossy.network hexa | https://endoflife.date/matomo | 21:13:59
@hexa:lossy.network hexa | LTS support ends in 9 days | 21:14:11
@hexa:lossy.network hexa | 👏 | 21:14:17
@niklaskorz:korz.dev Niklas Korz | yeah I was surprised about that as well 😅 | 21:24:35
@hexa:lossy.network hexa | we need some kind of remediation here | 21:24:56
@hexa:lossy.network hexa | worst case we mark 4.x as knownvulnerable and make people migrate to 5 | 21:25:14
@hexa:lossy.network hexa | * worst case we mark 4.x as knownvulnerable "eol" and make people migrate to 5 | 21:25:22
11 Dec 2024
@scrumplex:duckhub.io Scrumplex | https://github.com/NixOS/nixpkgs/pull/364160 https://curl.se/docs/CVE-2024-11053.html | 08:09:30



Room Version: 6