| 8 Jun 2021 |
 das_j | → #nixos-dev | 12:05:51 |
 hexa | or create an issue here https://github.com/zeebe-io/backport-action | 12:05:54 |
|  julianst joined the room. | 13:25:53 |
| hexa | https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608 | 17:01:28 |
| das_j | cross-posting this issue here since it seems to be pretty severe for people using firefox addons: https://github.com/NixOS/nixpkgs/issues/126065#issuecomment-857168329 | 21:28:20 |
| hexa | we are aware and already looking into it | 21:29:57 |
| das_j | thank you, that's great | 21:30:06 |
| hexa | https://github.com/NixOS/nixpkgs/pull/126271 | 21:31:55 |
| hexa | this is not a proper fix, since it introduces a regression into the release | 21:34:07 |
| hexa | but fixing up p11-kit/cacert is going to take a while | 21:34:17 |
| hexa | https://nvd.nist.gov/vuln/detail/CVE-2021-20201 | 22:58:16 |
| hexa | fixed in spice >= 0.14.92, which is not a public release yet | 22:58:40 |
| hexa | https://nvd.nist.gov/vuln/detail/CVE-2020-14355 | 22:59:29 |
| hexa | fixed in spice-gtk >= 0.14.2-1, no public release yet | 22:59:49 |
| 9 Jun 2021 |
| hexa | https://github.com/NixOS/nixpkgs/pull/126291 | 01:34:44 |
 pennae | oh nice, 5th-gen doesn't get updates? :D | 01:52:11 |
|  kranzes left the room. | 13:31:32 |
|  scr1bbles joined the room. | 14:11:15 |
| 10 Jun 2021 |
|  Ekleog joined the room. | 16:25:29 |
| hexa | yeah, I guess our capability of delivering security fixes through staging is fckd because of a lack of darwin builders | 20:15:21 |
| hexa | * yeah, I guess our ability of delivering security fixes through staging is fckd because of a lack of darwin builders | 20:16:15 |
 Sandro | Demote Darwin to level 2? | 21:26:08 |
 Alyssa Ross | x86_64-darwin is tier 2 already | 21:27:09 |
| 11 Jun 2021 |
| hexa | https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/ | 00:00:29 |
|  mkg20001 joined the room. | 05:46:14 |
 andi- | Thankfully nobody has mutable users, right? | 08:10:29 |
 Linux Hackerman | Pretty sure there are many other ways to get root via polkit :) | 08:24:22 |
 Henson | because the fix for the polkit bug (https://github.com/NixOS/nixpkgs/pull/125554) is in the form of a patch without any change to the package version string, is there any way for someone to tell whether a particular system has this fix or not? | 11:30:54 |
| pennae | you could check the package version and the store hash that provides the running polkit | 11:32:44 |
| Henson | but the package version will just be 0.118 both with and without the fix, right? | 11:34:11 |
