07:19 <andi-> marek: open a PR and link it here :)

08:07 <marek> andi-: ok, cherry picked from staging to master, https://hydra.nixos.org/eval/1538851

08:07 <marek> https://github.com/NixOS/nixpkgs/pull/67550

08:07 <{^_^}> #67550 (by mmahut, 20 seconds ago, open): python2: CVE-2018-20852 forwarding to master

08:28 <andi-> marek: to add to my reply earlier: It will appear on master eventually (after days/weeks). In cases like these it is probably fine to merge it into master since there is a potential impact for users. (Just think someone using a python based webbrowser etc..)

08:28 <andi-> I'll wait for ofborg before hitting the merge button

08:28 <andi-> marek: does that also apply for 19.03?

08:39 <marek> andi-: it's just of medium priority, debian fixed it only in jessie, so we might want to backport it

08:40 <andi-> If the patch applies I see no reason not to fix it where we can

08:40 <marek> I will see if it does

08:49 <ivan> tilpner: the risk comes mostly from the software itself, so just convince an upstream to take buggy code and then bump the version in nixpkgs

19:10 <xorAxAx> .