| 15 Jun 2024 |
hexa | can you poke #macos:nixos.org? | 21:35:09 |
| @fack:cyberia.club left the room. | 21:51:56 |
| 16 Jun 2024 |
vcunat | Isn't that affecting only if you use the libcurl as a SOCKS5 proxy? (server side) Or am I reading it wrong? | 06:10:00 |
bedridden | I believe so, but I am no security expert. https://www.tenable.com/cve/CVE-2023-38545 has references to a few different updates (even ones from Apple updating curl version), so it seems rather important. | 09:58:11 |
bedridden | That said, I was told in #macos:nixos.org that this issue doesn't affect nixos-24.05 (which I also verified and seems to be the case), so it might be an issue only on nixos-23.11 darwin (haven't yet verified this one). | 09:59:28 |
ilex | https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-4 | 13:07:30 |
hexa | @emily | 13:26:27 |
emily | ? | 13:26:53 |
hexa | Forgejo | 13:27:52 |
emily | already in nixos-unstable-small and nixos-24.05-small. so what is left to do besides marking forgejo as insecure in 23.11? (though it can be argued over if that CVE is actually all that bad) | 13:29:50 |
@adam:robins.wtf | they did cut a 1.21 release too, but marking as insecure in 23.11 is fine with me :) | 13:33:10 |
emily | 23.11 is on 1.20, not 1.21. and in the old gitea versioning those are major releases. | 13:35:11 |
emily | do you have time to open a PR for this? EOL+vulnerable? | 13:35:44 |
@adam:robins.wtf | yeah i have a few minutes | 13:36:32 |