!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

692 Members
Coordination and triage of security issues in nixpkgs215 Servers

Load older messages

SenderMessageTime
27 Jun 2024
@mtheil:scs.ems.hostMarkus TheilAlso add patches to 23.11 as asked above?11:14:58
@hexa:lossy.networkhexaplease11:15:10
@hexa:lossy.networkhexaif it is not too big a hassle11:15:27
@mtheil:scs.ems.hostMarkus TheilNo real issue, just asking.11:15:47
@hxr404:tchncs.dehxr404 ✨ [she/her] joined the room.23:32:08
28 Jun 2024
@axiomss:matrix.org@axiomss:matrix.org left the room.04:13:15
29 Jun 2024
@mib:kanp.aimib 🥐 changed their profile picture.22:24:23
30 Jun 2024
@insurgo:matrix.orgtlaurion aka Insurgo [ Timezone: ET ] changed their display name from tlaurion aka Insurgo [UTC-4] to tlaurion aka Insurgo [UTC-4] (Canadian Dominion holiday, back July 2nd).17:28:30
1 Jul 2024
@ar:is-a.catari ❄https://www.openssh.com/releasenotes.html08:35:55
@k900:0upti.meK900Oh no08:37:08
@emilazy:matrix.orgemilydo openssh bumps go to master or staging?08:40:51
@qyliss:fairydust.spaceAlyssa Rossmaster08:41:12
@qyliss:fairydust.spaceAlyssa Rosse.g. https://github.com/NixOS/nixpkgs/pull/29513308:41:22
@k900:0upti.meK900I can do a PR in like 30 08:41:50
@emilazy:matrix.orgemilyI'm building already & can do the PR but I don't know if there's specific procedure around assigning an advisory or whatever08:41:50
@k900:0upti.meK900If no one snipes08:41:53
@k900:0upti.meK900
In reply to @emilazy:matrix.org
I'm building already & can do the PR but I don't know if there's specific procedure around assigning an advisory or whatever
No, just send it 		08:41:57
@k900:0upti.meK900And mention the CVE in the description08:42:04
@emilazy:matrix.orgemilyalright, I'm on it08:42:17
@qyliss:fairydust.spaceAlyssa RossIs there even a CVE?08:42:52
@emilazy:matrix.orgemilyseems like there's not actually a CVE08:42:54
@qyliss:fairydust.spaceAlyssa Rossrelease notes don't mention one08:42:57
@emilazy:matrix.orgemilybut I'll mention it08:42:57
@qyliss:fairydust.spaceAlyssa Rossugh08:42:58
@emilazy:matrix.orgemilydid they even give any prior notice of this?08:44:09
@tgerbet:matrix.orgtgerbetNo it looks like it was reported by Qualys, they likely will publish an advisory later today I guess08:44:47
@ar:is-a.catari ❄gentoo patch mentions CVE-2024-6387 https://github.com/gentoo/gentoo/commit/083d7d12832b91073f5cac94df2ba067495857a708:45:41
@emilazy:matrix.orgemilyhttps://github.com/NixOS/nixpkgs/pull/32375308:45:45
@emilazy:matrix.orgemily
In reply to @ar:is-a.cat
gentoo patch mentions CVE-2024-6387 https://github.com/gentoo/gentoo/commit/083d7d12832b91073f5cac94df2ba067495857a7
thanks, I'll add that 		08:45:55
@emilazy:matrix.orgemilycan someone check the build on linux if ofborg doesn't get to it first?08:48:18

Show newer messages

Back to Room ListRoom Version: 6