#nixos-security on 2019-07-19

2019-04-23 19:29 gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh

00:29 ris has quit [Ping timeout: 252 seconds]

05:48 ekleog has quit [Read error: Connection reset by peer]

05:50 ekleog has joined #nixos-security

06:52 <pie_> nice

07:44 pie_ has quit [Ping timeout: 252 seconds]

07:53 <marek> I need a hand with https://github.com/NixOS/nixpkgs/pull/64909, the CVE fixes a possible zip bomb, but it now breaks some zip tests for other packages

07:53 <{^_^}> #64909 (by mmahut, 2 days ago, merged): unzip: CVE-2019-13232

07:56 <marek> I wonder what is the best way forward, unzip is going to have this anyway, so fixing the test is the right way in my opinion

10:31 pie_ has joined #nixos-security

10:32 pie_ has quit [Remote host closed the connection]

10:32 pie_ has joined #nixos-security

14:58 justanotheruser has quit [Ping timeout: 244 seconds]

15:18 justanotheruser has joined #nixos-security

16:03 andi- has quit [Remote host closed the connection]

16:05 andi- has joined #nixos-security

16:10 andi- has quit [Remote host closed the connection]

16:10 andi- has joined #nixos-security

16:11 andi- has quit [Client Quit]

16:13 andi- has joined #nixos-security

16:52 andi- has quit [Remote host closed the connection]

16:52 andi- has joined #nixos-security

16:53 andi- has quit [Client Quit]

16:55 andi- has joined #nixos-security

16:56 andi- has quit [Client Quit]

17:00 andi- has joined #nixos-security

17:01 andi- has quit [Client Quit]

17:02 andi- has joined #nixos-security

17:03 andi- has quit [Client Quit]

17:04 andi- has joined #nixos-security

17:05 andi- has quit [Client Quit]

17:06 andi- has joined #nixos-security

17:07 andi- has quit [Client Quit]

17:07 andi- has joined #nixos-security

17:08 andi- has quit [Client Quit]

17:09 andi- has joined #nixos-security

19:28 tokudan has quit [Quit: ZNC 1.7.3 - https://znc.in]

19:31 tokudan has joined #nixos-security

19:34 ghuntley has joined #nixos-security

20:00 <ghuntley> hey folks, check out https://github.com/NixOS/nixpkgs/issues/65105. What if we used the GitHub security advisories functionality?

20:00 <{^_^}> #65105 (by ghuntley, 4 minutes ago, open): Use GitHub for NixOS security advisories

20:14 <andi-> The problem is getting there. E.g. having a reliable diff of things that we are delivering (and which commit fixed it, when the channel version is released, …).

20:15 <andi-> one thing we have to tackle is creating visibility for people that there is work to do

20:15 <andi-> The other is properly reviewing that getting it merged

20:15 <andi-> +and

20:16 <andi-> At the moment we somewhat fail somewhere between the first and second