<andi-> it is interesting that the page talks about upgrading to 3.26.0 but google upgraded chromium only to 3.25.3 which is already on 18.09
pie___ has joined #nixos-security
pie___ has quit [Remote host closed the connection]
pie___ has joined #nixos-security
pie__ has joined #nixos-security
pie___ has quit [Remote host closed the connection]
<timokau[m]> Given the lack of details we should probably just update 18.09 to 3.26.0 to be safe
ckauhaus has joined #nixos-security
<LnL> the nix db is sqlite
<LnL> I hope there's no way to trigger that
<andi-> well then we just have to rebuild nix and people should update regularly anyway - if they care about security updates at all...
<ckauhaus> AFAICS the attack vector is via user-supplied SQL queries
<ckauhaus> I see no way one could misuse Nix for that
<pie__> is nix vulnerable to sql injection? :
<pie__> :P
<ckauhaus> FWIW I've created a tracking issue: https://github.com/NixOS/nixpkgs/issues/52246
<{^_^}> #52246 (by ckauhaus, 31 seconds ago, open): sqlite: update to 3.26.0
<ckauhaus> we should update anyway
<ckauhaus> ok, time for another vulnerability roundup
<ckauhaus> vulnerability roundup 56 is there: jasper (again), libvncserver, systemd
<ckauhaus> #52248, #52249 #52250
<{^_^}> https://github.com/NixOS/nixpkgs/issues/52248 (by ckauhaus, 3 minutes ago, open): Vulnerability roundup 56: jasper-2.0.14: 1 advisory
<{^_^}> https://github.com/NixOS/nixpkgs/issues/52249 (by ckauhaus, 2 minutes ago, open): Vulnerability roundup 56: libvncserver-0.9.11: 1 advisory
<{^_^}> https://github.com/NixOS/nixpkgs/issues/52250 (by ckauhaus, 2 minutes ago, open): Vulnerability roundup 56: systemd-239: 3 advisories
pie__ has quit [Ping timeout: 250 seconds]
pie__ has joined #nixos-security