#nixos-security on 2019-06-16

2019-04-23 19:29 gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh

05:17 <gchristensen> marek: can you issue a backport PR with `git cherry-pick -x the-commits-hash` (in this case, a4e6261173a18d9e0cb2f02b73fb7fbae91ecaaf)

05:17 <gchristensen> on to release-19.03

06:57 <marek> gchristensen: from the CVE I understand only version 4.0.0 (which is unstable for us) is affected

06:58 <marek> gchristensen: https://nvd.nist.gov/vuln/detail/CVE-2019-12155#vulnCurrentDescriptionTitle can you check this just in case? I assumed they would mention "all versions" or "until 4.0.1"?

07:11 <marek> gchristensen: ok - that is not the case :) the file is there in 3.0.1 too, so I assumed it is affected as well PR done https://github.com/NixOS/nixpkgs/pull/63188

07:11 <{^_^}> #63188 (by mmahut, 18 seconds ago, open): qemu: CVE-2019-12155

07:37 <gchristensen> ah okay

19:10 Synthetica has joined #nixos-security

20:15 justanotheruser has quit [Quit: WeeChat 2.4]

20:29 justanotheruser has joined #nixos-security

21:37 tilpner has quit [Quit: WeeChat 2.4]

21:44 tilpner has joined #nixos-security

22:19 Synthetica has quit [Quit: Connection closed for inactivity]

22:42 justanotheruser has quit [Ping timeout: 245 seconds]

22:43 justanotheruser has joined #nixos-security