| 22 Mar 2024 |
|  @bumperboat:matrix.org changed their display name from bumperboat (UTC+8 when) to bumperboat (UTC+8). | 15:02:10 |
 felschr | https://github.com/NixOS/nixpkgs/pull/298196
This is an unscheduled emergency release with important security updates to Firefox for Desktop platforms.
| 23:14:01 |
| 23 Mar 2024 |
|  SomeoneSerge (matrix works sometimes) changed their display name from SomeoneSerge (hash-versioned python modules when) to SomeoneSerge (migrating synapse). | 02:11:06 |
| felschr | * https://github.com/NixOS/nixpkgs/pull/298196
https://github.com/NixOS/nixpkgs/pull/298202
This is an unscheduled emergency release with important security updates to Firefox for Desktop platforms.
| 10:50:21 |
| 24 Mar 2024 |
 hexa | https://gnutls.org/security-new.html#GNUTLS-SA-2023-12-04 | 11:05:08 |
| hexa | * https://gnutls.org/security-new.html#GNUTLS-SA-2023-12-04 vcunat | 11:07:44 |
 tgerbet | Unstable here https://github.com/NixOS/nixpkgs/pull/297657
Taking a look for the backport to stable, looks like the file has been nixpkgs-fmted | 11:12:44 |
| hexa | ah thanks, for some reason I missed it when I checked the version on staging | 11:17:38 |
| tgerbet | https://github.com/NixOS/nixpkgs/pull/298604 | 11:19:29 |
 Alyssa Ross | Seems to regress musl :( | 14:31:41 |
| 25 Mar 2024 |
|  ネコ joined the room. | 00:12:11 |
| ネコ | hey i found a way to put nulls in strings, unsure if that has security implications, but it should probably be an error? | 00:14:04 |
| ネコ | unsure if i should open an issue on github? could this be used for some sort of buffer overflow attack? idk | 00:15:48 |
|  @admin:nixos.org joined the room. | 00:23:10 |
| hexa | can you explain more in #security-discuss:nixos.org | 00:23:58 |
| hexa | * can you explain more in #security-discuss:nixos.org? | 00:24:04 |
| @admin:nixos.org left the room. | 00:30:35 |
 ris_ | https://github.com/NixOS/nixpkgs/pull/297547 | 20:14:15 |
| hexa | wow, this looks like code copy pasted from home-assistant 😄 | 20:30:09 |
| hexa | which can be explained because bdraco was involved | 20:30:32 |
| 26 Mar 2024 |
| hexa | https://webkitgtk.org/security/WSA-2024-0002.html Jan Tojnar | 03:22:18 |
|  @linucifer:envs.net joined the room. | 19:09:13 |
 pinpox | Not sure if this is the right place to ask, but are current NixOS versions impacted by https://github.com/Notselwyn/CVE-2024-1086 ? | 20:33:53 |
 K900 | Mo | 20:34:38 |
| K900 | * No | 20:34:45 |
| K900 |
The exploit affects versions from (including) v5.14 to (including) v6.6, excluding patched branches v5.15.149>, v6.1.76>, v6.6.15>
| 20:35:11 |
