| 19 Aug 2024 |
Alyssa Ross | Looking. | 08:04:56 |
vcunat | The channel has been unlucky with blockers, and thus it's on a 5-day-old commit already. | 08:07:20 |
Alyssa Ross | I can't get this test to pass locally even on the last commit Hydra built it on. | 08:26:56 |
vcunat | * Some that passed locally now hang for me when --rebuild on the same machine. Not easy to just bisect. Anyway, this channel most likely isn't a good place for the topic now. I'm sorry. | 08:31:14 |
| 20 Aug 2024 |
teutat3s | https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm
https://github.com/NixOS/nixpkgs/pull/336058 | 13:22:49 |
emily | aha, knownVulnerabilities was just prescience! (taking a look and will merge after confirming aarch64-linux build) | 13:46:07 |
| 22 Aug 2024 |
Jassuko | Previously semi-concerning FFmpeg CVEs seem to now have POC RCE published. Probably worth bumping the versions to the safe side rather soon.
https://securityonline.info/cve-2024-7272-critical-heap-overflow-vulnerability-discovered-in-ffmpeg-poc-published/ | 13:08:28 |
hexa | emily maybe? | 13:09:29 |
emily | I think we have all the versions up to date | 13:36:10 |
emily | at least in staging 🫠 | 13:36:14 |
emily | I'll check… | 13:36:24 |
emily | urgh this blogspam, where's the actual upstream announcement | 13:37:10 |
emily | okay so FFmpeg 4 is actually known vulnerable now?? | 13:37:30 |
Jassuko | Sorry, didn't find proper announcement, just the new releases on the release page: https://ffmpeg.org/download.html#releases | 13:38:59 |
emily | ok, so https://github.com/NixOS/nixpkgs/pull/333021 is waiting for staging | 13:41:20 |
emily | we're on the latest 4 but the CVE says "A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5" | 13:41:31 |
emily | so there's no patch for 4? | 13:41:49 |
emily | let's see if we can backport the commit. anyway, taking this to #security-discuss:nixos.org I guess | 13:42:09 |
tgerbet | networkException: https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html | 20:53:38 |
hexa | networkException, emily | 20:55:46 |
hexa | bah, too slow | 20:56:00 |
hexa | excuse me | 20:56:07 |
networkException | we already have a build running | 20:56:21 |