gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
<andi-> marek: open a PR and link it here :)
<marek> andi-: ok, cherry picked from staging to master, https://hydra.nixos.org/eval/1538851
<{^_^}> #67550 (by mmahut, 20 seconds ago, open): python2: CVE-2018-20852 forwarding to master
<andi-> marek: to add to my reply earlier: It will appear on master eventually (after days/weeks). In cases like these it is probably fine to merge it into master since there is a potential impact for users. (Just think someone using a python based webbrowser etc..)
<andi-> I'll wait for ofborg before hitting the merge button
<andi-> marek: does that also apply for 19.03?
<marek> andi-: it's just of medium priority, debian fixed it only in jessie, so we might want to backport it
<andi-> If the patch applies I see no reason not to fix it where we can
<marek> I will see if it does
<ivan> tilpner: the risk comes mostly from the software itself, so just convince an upstream to take buggy code and then bump the version in nixpkgs
pie_ has quit [Ping timeout: 264 seconds]
xorAxAx has quit [Quit: Idle timeout reached: 172800s]
xorAxAx has joined #nixos-security
<xorAxAx> .
pie_ has joined #nixos-security