!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

743 Members
Coordination and triage of security issues in nixpkgs
230 Servers



Sender: Message [Time]
6 Jul 2021
@hexa:lossy.network hexa: * https://nvd.nist.gov/vuln/detail/CVE-2021-32718 https://nvd.nist.gov/vuln/detail/CVE-2021-32719 both regarding rabbitmq-server, which is quite a bit behind [14:00:45]
@hexa:lossy.network hexa: and CVE-2021-3598 in openexr, working on an update right now: https://github.com/AcademySoftwareFoundation/openexr/pull/1037 [14:02:53]
@hexa:lossy.network hexa: * and CVE-2021-3598 in openexr, working on an update right now: https://github.com/AcademySoftwareFoundation/openexr/pull/1037, the CVE for this is still reserved. [14:03:12]
@7c6f434c:nitro.chat 7c6f434c left the room. [15:48:56]
@hexa:lossy.network hexa: * and CVE-2021-3598 in openexr<s>, working on an update right now:</s> https://github.com/AcademySoftwareFoundation/openexr/pull/1037, the CVE for this is still reserved. [16:19:02]
@hexa:lossy.network hexa: * and CVE-2021-3598 in openexr~~, working on an update right now:~~ https://github.com/AcademySoftwareFoundation/openexr/pull/1037, the CVE for this is still reserved. [16:19:13]
@hexa:lossy.network hexa: * and CVE-2021-3598 in openexr https://github.com/AcademySoftwareFoundation/openexr/pull/1037, the CVE for this is still reserved. [16:19:22]
@linus.heckemann:matrix.mayflower.de Linux Hackerman: <del> :) [16:19:21]
@hexa:lossy.network hexa: * and CVE-2021-3598 in openexr, which I'm working on right now: https://github.com/AcademySoftwareFoundation/openexr/pull/1037, the CVE for this is still reserved. [16:19:40]
@hexa:lossy.network hexa: thanks! [16:19:44]
@hexa:lossy.network hexa: openexr requires some cmake knowledge to update, which I don't have [16:20:14]
@linus.heckemann:matrix.mayflower.de Linux Hackerman: Hm, where? The derivation looks straightforward to em [16:21:43]
@linus.heckemann:matrix.mayflower.de Linux Hackerman: * Hm, where? The derivation looks straightforward to me [16:21:44]
@hexa:lossy.network hexa: https://github.com/AcademySoftwareFoundation/openexr/commit/6442fb71a86c09fb0a8118b6dbd93bcec4883a3c [16:24:34]
@hexa:lossy.network hexa: https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/openexr/default.nix#L26 [16:25:11]
@linus.heckemann:matrix.mayflower.de Linux Hackerman: oh, and that patch no longer applies? [16:25:14]
@hexa:lossy.network hexa: neither on 2.5.7 nor on 3.0.5 [16:25:28]
@linus.heckemann:matrix.mayflower.de Linux Hackerman: aah ok. I'll take a look [16:25:42]
@linus.heckemann:matrix.mayflower.de Linux Hackerman: https://github.com/AcademySoftwareFoundation/openexr/pull/815 hm looks like it was merged so we can probably remove it. [16:26:16]
@linus.heckemann:matrix.mayflower.de Linux Hackerman: or not :) [16:28:40]
@hexa:lossy.network hexa: /nix/store/qdf49mvm79r83n9c9s7pkmmjqwhrw8jv-stdenv-linux/setup: line 88: cd: IlmBase: No such file or directory [16:29:11]
@linus.heckemann:matrix.mayflower.de Linux Hackerman: https://github.com/NixOS/nixpkgs/pull/129462 [16:40:39]
@linus.heckemann:matrix.mayflower.de Linux Hackerman: hm wait that might not be quite right. [16:42:23]
@hexa:lossy.network hexa: heh, weird. I remember that failing for me on staging-21.05 as well [16:42:34]
@linus.heckemann:matrix.mayflower.de Linux Hackerman: since it was only merged into 3.x [16:42:38]
@hexa:lossy.network hexa: also please target staging [16:42:42]
@hexa:lossy.network hexa: https://github.com/AcademySoftwareFoundation/openexr/pull/1037 [16:44:10]
@hexa:lossy.network hexa: this pr was tagged with v2.5.7, and the release notes for that release mention two oss-fuzz fixes [16:44:31]
@linus.heckemann:matrix.mayflower.de Linux Hackerman: Yeah jtojnar's fix doesn't affect the build of openexr, it affects the builds of dependencies, so I'll forward-port his patch [16:46:02]
@linus.heckemann:matrix.mayflower.de Linux Hackerman: * Yeah jtojnar's fix doesn't affect the build of openexr, it affects the builds of dependencies, so I'll backport his patch [16:46:05]



Room Version: 6