{^_^} has quit [Remote host closed the connection]
{^_^} has joined #nixos-security
mmercier has joined #nixos-security
__Sander__ has joined #nixos-security
ckauhaus has joined #nixos-security
r5d has joined #nixos-security
erictapen has joined #nixos-security
erictapen has quit [Ping timeout: 252 seconds]
erictapen has joined #nixos-security
erictapen has quit [Quit: leaving]
erictapen has joined #nixos-security
__Sander__ has quit [Quit: Konversation terminated!]
erictapen has quit [Quit: leaving]
pie_ has joined #nixos-security
mmercier has quit [Quit: mmercier]
pie_ has quit [Remote host closed the connection]
pie_ has joined #nixos-security
c0bw3b_ has joined #nixos-security
MichaelRaskin has joined #nixos-security
<ckauhaus> uh-oh
<ckauhaus> It'll probably take a while until a patch for VirtualBox will be available
<pie_> i havent been on irc in a week...do i want to know what i missed
<ckauhaus> heh
<pie_> i...what? binutils rce? how does that even work?
<pie_> i mean why is it "network" category
<ckauhaus> hm
<ckauhaus> it's not clear to me what you're talking about
<pie_> yeah that was very not specific, sorry; see for example https://nvd.nist.gov/vuln/detail/CVE-2018-7568 "Access Vector (AV): Network "
<pie_> huh looks like thats some cvss 2.0 thing, the 3.0 column next to it says local
<pie_> i guess weird interactions between however those things are defined and the bugs?
<pie_> s/things/categories/
<ckauhaus> don't trust the information in the NVD to be accurate
<ckauhaus> I've found lots of errors in it over time
<pie_> i think it was like this for all th ebfd cves listed
<ckauhaus> w.r.t. binutils... someone tried to patch 2.30 which is included in 18.09
<ckauhaus> I don't know the exact state of affairs, but IIRC the whole things needs a bit of review and input
<ckauhaus> see #47128 and specifically #41042
<{^_^}> https://github.com/NixOS/nixpkgs/issues/47128 (by ckauhaus, 6 weeks ago, open): binutils: upgrade to 2.31.x
<{^_^}> https://github.com/NixOS/nixpkgs/pull/41042 (by ThomasMader, 23 weeks ago, open): binutils: Apply patches from 2.30 branch
<pie_> inb4 binutils is a catastrophe :P
<pie_> i remember a couple years ago someone was like "wow you know strings uses libbfd so you actually have a big library that can be exploited right?"
<ckauhaus> heh
{^_^} has quit [Read error: Connection reset by peer]
{^_^} has joined #nixos-security
c0bw3b_ has left #nixos-security [#nixos-security]
erictapen has joined #nixos-security