MichaelRaskin has quit [Quit: MichaelRaskin]
pie___ has joined #nixos-security
pie___ has quit [Remote host closed the connection]
pie___ has joined #nixos-security
pie__ has quit [Ping timeout: 268 seconds]
lejonet has quit [Ping timeout: 250 seconds]
lejonet has joined #nixos-security
ckauhaus has joined #nixos-security
sphalerite has quit [Ping timeout: 252 seconds]
sphalerite has joined #nixos-security
sphalerite has quit [Ping timeout: 264 seconds]
sphalerite has joined #nixos-security
ckauhaus has quit [Quit: WeeChat 2.2]
ckauhaus has joined #nixos-security
ckauhaus has quit [Client Quit]
ckauhaus has joined #nixos-security
<
ckauhaus>
time for another vulnerability roundup
<
ckauhaus>
thanks to vcunat for fixing so many outstanding issues during the last week
<
ckauhaus>
Vulnerability roundup 62: 14 affected packages
<
ckauhaus>
quite a bit
<
ckauhaus>
(was on leave last week)
<
Foxboron>
ckauhaus: Missing CVE-2019-8956
<
Foxboron>
I was thinking of CVE-2019-8912 :p
<
Foxboron>
but both kernel CVEs
<
ckauhaus>
Foxboron: yeah, the kernel is currently not covered by vulnix
<
Foxboron>
that explains it
<
ckauhaus>
adding tickets manually
<
Foxboron>
this is usefull :)
<
{^_^}>
#56373 (by ckauhaus, 10 seconds ago, open): linux-4.20.11: use-after-free vulnerability
<
Foxboron>
upstream patch if you need :)
* Foxboron
not sure about nixos patching policy
<
ckauhaus>
let the pkg maintainer decide
<
ckauhaus>
Foxboron: thanks for pointing the vuln out
<
ckauhaus>
.oO( ... need to extend vulnix )
<
{^_^}>
#56374 (by tokudan, 1 minute ago, open): Issue 56366
<
tokudan[m]>
I'll have a look at wget next
MichaelRaskin has joined #nixos-security
tilpner has quit [Quit: WeeChat 2.4]
tilpner has joined #nixos-security
tilpner has quit [Remote host closed the connection]
tilpner has joined #nixos-security
tilpner has quit [Quit: WeeChat 2.4]
tilpner has joined #nixos-security
MichaelRaskin has quit [Quit: MichaelRaskin]