gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
hmpffff has joined #nixos-security
pietranera has joined #nixos-security
<pietranera> Hi all, FTR the icedtea_web team has released the fixes to a bunch of serious CVEs (https://www.openwall.com/lists/oss-security/2019/07/31/2) a couple of days ago in version 1.8.3 (https://github.com/AdoptOpenJDK/IcedTea-Web/commit/6b2d51873acc745016311712074fde89a629ccb8). AFAICT Nix ships with version 1.7.1 (https://github.com/NixOS/nixpkgs/commit/ede066dfcc024342cfca566512852e54c655320e April 2018). I don't know whether it'd b
<pietranera> e worth backporting to the stable channels or mark 1.7.1 as insecure and update only unstable. Thanks for your hard work on Nix/NixOS!
<andi-> pietranera: if those patches apply (with a minimal effort) on 1.7.x then we should backport them
<gchristensen> if they don't apply we should decide on either backporting,or marking insecure
<andi-> I would like to have someone that atually knows Java (these days) to make a call on that tho… I have not idea what changed between 1.7, 1.8 or whatever and the changelog is likely not enough for an outsiders.
<pietranera> I can try and have a look (I know some Java, though it's not my main programming language), but I can't commit to a specific timeline.
<marek> anyone againts merging this to master? https://github.com/NixOS/nixpkgs/pull/65668
<{^_^}> #65668 (by mmahut, 4 days ago, open): wavpack: CVE-2019-1010317 CVE-2019-1010319
justanotheruser has quit [Quit: WeeChat 2.4]
justanotheruser has joined #nixos-security
pietranera has quit [Quit: Leaving.]
hmpffff has quit [Quit: Bye…]
<pie_> hm, guess i wont get withpackages stuff into 19.09
<pie_> (oops wrong chan)
<samueldr> this sounds pretty bad
<pie_> is this windows shortcut vulns all oer again
<samueldr> oof
<pie_> "Disable shell expansion / dynamic entries for [Desktop Entry] configurations." how does one do that
<samueldr> you just have to Disable shell expansion / dynamic entries for [Desktop Entry] configurations.
tokudan has quit [Quit: ZNC 1.7.3 - https://znc.in]
<pie_> yeah but how...
tokudan has joined #nixos-security