!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

747 Members
Coordination and triage of security issues in nixpkgs
228 Servers

Sender | Message | Time

2 Jul 2021
@hexa:lossy.network (hexa) | just so that the state of these things becomes more visible | 18:31:15
@philipp:xndr.de (philipp) | Maybe a separate room just for them? | 18:32:25
@hexa:lossy.network (hexa) | maybe a separate room for the chit chat? 😊 | 18:32:52
@balsoft:balsoft.ru (balsoft) | I would love a room with advisories | 18:32:54
@hexa:lossy.network (hexa) | I don't mind either | 18:33:06
@hexa:lossy.network (hexa) | > getxmp() was added in Pillow 8.2.0. It will now use defusedxml instead. If the dependency is not present, an empty dictionary will be returned and a warning raised. | 18:33:28
@hexa:lossy.network (hexa) | alas we are not propagating defusedxml there | 18:33:53
@hexa:lossy.network (hexa) | uh, not ours strictly I guess | 18:34:08
@hexa:lossy.network (hexa) | just things we find | 18:34:12
@hexa:lossy.network (hexa) | * just things we find, and need to remember to take care of | 18:34:20
@hexa:lossy.network (hexa) | but sure, we could have an advisory channel, with moderated posts to the pr trackers I guess | 18:44:38
@hexa:lossy.network (hexa) | so not advisories per se, but "here is this security related pr, take note" | 18:45:14
@_xmpp_julm=40sourcephile.fr:matrix.org (julm) | joined the room. | 18:52:24

5 Jul 2021
@bcdarwin:matrix.org (bcdarwin) | joined the room. | 02:54:12
@jceb:matrix.org (jceb) | joined the room. | 11:21:13
@hexa:lossy.network (hexa) | https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/ | 19:01:50
@hexa:lossy.network (hexa) | are we on top of those? | 19:01:53
@hexa:lossy.network (hexa) | the mitre CVE for libuv is still RSVD. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918 | 19:02:23
@hexa:lossy.network (hexa) | relates to this commit https://github.com/nodejs/node/commit/d33aead28bcec32a2a450f884907a6d971631829 | 19:02:45
@hexa:lossy.network (hexa) | https://github.com/NixOS/nixpkgs/pull/129360 now we do | 19:18:56
@hexa:lossy.network (hexa) | * https://github.com/NixOS/nixpkgs/pull/129360 now we are | 19:19:00
@spacesbot:nixos.dev (spacesbot - keeps a log of public NixOS channels) | joined the room. | 19:19:39
@hexa:lossy.network (hexa) | * relates to this commit https://github.com/libuv/libuv/commit/b7466e31e4bee160d82a68fca11b1f61d46debae | 19:19:39
@hexa:lossy.network (hexa) | now still wondering if we use the vendored libuv in our node package: https://github.com/nodejs/node/commit/d33aead28bcec32a2a450f884907a6d971631829 | 19:19:52
@hexa:lossy.network (hexa) | looks like we don't. | 19:20:56
@spacesbot:nixos.dev (spacesbot - keeps a log of public NixOS channels) | | 19:49:33
@ncfavier:matrix.org (nf) | changed their profile picture. | 23:32:34

6 Jul 2021
@nurelin:matrix.org (nurelin) | joined the room. | 11:42:30
@hexa:lossy.network (hexa) | https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772 https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x | 13:59:28
@hexa:lossy.network (hexa) | * https://nvd.nist.gov/vuln/detail/CVE-2021-32718 https://nvd.nist.gov/vuln/detail/CVE-2021-32719 | 14:00:22

Room Version: 6