| 10 Sep 2024 |
 raboof | * we should probably post something about the Nix vulnerability, right? something like
"There's a vulnerability in Nix 2.24.
If you're using nix from nixpkgs (which the vast majority of users will be), you're still on a safe version. If you recently installed nix using the Determinate Systems installer then you need to double-check. A fix is expected in version 2.24.6 which is to be released in the morning.
GHSA-h4vv-h3jq-v493
#NixOS #security" (about https://status.determinate.systems/incidents/1js0r53719f4 https://puckipedia.com/7hkj-98sq/qixt) | 06:55:18 |
| raboof | * we should probably post something about the Nix vulnerability, right? something like
"There's a vulnerability in Nix 2.24.
If you're using nix from nixpkgs (which the vast majority of users will be), you're still on a safe version. If you recently (after August 1st) installed nix using the Determinate Systems installer then you need to double-check. A fix is expected in version 2.24.6 which is to be released in the morning.
GHSA-h4vv-h3jq-v493
#NixOS #security" (about https://status.determinate.systems/incidents/1js0r53719f4 https://puckipedia.com/7hkj-98sq/qixt) | 06:59:18 |
 @paperdigits:matrix.org | Shouldn't DetSys post about their installer? | 07:03:04 |
| raboof | Yes, they should, but the problem is not in their installer, it's in the released nix versions | 07:04:10 |
| raboof | * Yes, they should (and do), but the problem is not in their installer, it's in the released nix versions | 07:04:24 |
| raboof | 'luckily' (i.e. thanks to the reporters) that version hasn't hit nixpkgs yet, and I'm not aware of other distribution mechanisms that'd have it, but there might be | 07:06:00 |
| @paperdigits:matrix.org | The link to puckipedia above 404s since I guess matrix is bad at parsing URLs | 07:07:17 |
| raboof | oh, it works in my client (element-desktop) 😆 | 07:09:57 |
| raboof | * we should probably post something about the Nix vulnerability, right? something like
"There's a vulnerability in Nix 2.24.
If you're using nix from nixpkgs (which the vast majority of users will be), you're still on a safe version. If you recently (after August 1st) installed nix using the Determinate Systems installer then you need to double-check. A fix is expected in version 2.24.6 which is to be released soon.
GHSA-h4vv-h3jq-v493
#NixOS #security" (about https://status.determinate.systems/incidents/1js0r53719f4 https://puckipedia.com/7hkj-98sq/qixt) | 07:14:48 |
| raboof | * we should probably post something about the Nix vulnerability, right? something like
"There's a vulnerability in Nix 2.24.
If you're using nix from nixpkgs (which the vast majority of users will be), you're still on a safe version. If you recently (after August 1st) installed nix using the nix (not NixOS) installers then you need to double-check. A fix is expected in version 2.24.6 which is to be released soon.
GHSA-h4vv-h3jq-v493
#NixOS #security" (about https://status.determinate.systems/incidents/1js0r53719f4 https://puckipedia.com/7hkj-98sq/qixt) | 07:20:39 |
| @paperdigits:matrix.org | Also on mastodon they've already retooted you ;) | 07:20:56 |
