gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
justanotheruser has quit [Quit: WeeChat 2.4]
justanotheruser has joined #nixos-security
<pie__> not really a nixos issue but I dont really have much other security people to talk to; I haven't looked at HTTP/2 much but my initial impression is HTTP got a lot more complicated https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md it might be an interesting exercise to see if theres any design principles that would make the issues (haven't read through yet) in this CVE preventable
<pie__> oh tl;dr: something about a bunch of DoS vulnerabilities in http/2 implementations
marek has quit [Ping timeout: 268 seconds]
pie__ has quit [Ping timeout: 252 seconds]
pie_ has joined #nixos-security
justanotheruser has quit [Ping timeout: 268 seconds]
justanotheruser has joined #nixos-security
justanotheruser has quit [Quit: WeeChat 2.4]
justanotheruser has joined #nixos-security
swapgs has quit [Ping timeout: 245 seconds]
<flokli> could somebody take a look at https://github.com/NixOS/nixpkgs/pull/66621 and https://github.com/NixOS/nixpkgs/pull/66622 ? They fix some scary gitlab cve
<{^_^}> #66621 (by flokli, 6 hours ago, open): gitlab-ce: 12.0.3 -> 12.1.6
<{^_^}> #66622 (by flokli, 6 hours ago, open): [19.03] gitlab updates
WilliButz has quit [Quit: WeeChat 2.5]
WilliButz has joined #nixos-security
tv has quit [Ping timeout: 246 seconds]
lassulus has quit [Ping timeout: 268 seconds]