#nixos-security on 2019-10-30

2019-04-23 19:29 gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh

00:49 justanotheruser has quit [Ping timeout: 240 seconds]

00:50 justanotheruser has joined #nixos-security

01:22 Synthetica has quit [Quit: Connection closed for inactivity]

01:24 ris has quit [Ping timeout: 258 seconds]

05:53 {^_^} has quit [Remote host closed the connection]

05:53 {^_^} has joined #nixos-security

07:01 <ivan> https://cve.circl.lu/cve/CVE-2019-8287 tightvnc

08:34 ckauhaus[afk] is now known as ckauhaus

08:42 <ckauhaus> reviewing PRs for qemu

08:43 <ckauhaus> we have a bump to 4.0.1 in #72236 and a patch for 4.0.0 in #70269

08:43 <{^_^}> https://github.com/NixOS/nixpkgs/pull/72236 (by kmcopper4, 22 hours ago, open): [r19.09] [Security] qemu: 4.0.0 -> 4.0.1

08:43 <{^_^}> https://github.com/NixOS/nixpkgs/pull/70269 (by delroth, 3 weeks ago, open): qemu: apply patch for CVE-2019-13164 [19.09]

08:43 <ckauhaus> I wonder if these should be stacked or if the bump to 4.0.1 already contains a fix for CVE-2019-13164

08:44 <ckauhaus> https://wiki.qemu.org/ChangeLog/4.0 is not very clear

09:07 pie_ has quit [Ping timeout: 240 seconds]

09:08 pie_ has joined #nixos-security

09:08 vesper has joined #nixos-security

09:09 vesper11 has quit [Ping timeout: 268 seconds]

09:13 hmpffff has joined #nixos-security

09:30 Synthetica has joined #nixos-security

09:35 __Sander__ has joined #nixos-security

10:11 FRidh has joined #nixos-security

10:21 ckauhaus is now known as ckauhaus[afk]

10:25 <globin> ckauhaus: could check if the patch still applies?

10:42 tokudan[m] has quit [Write error: Connection reset by peer]

10:42 aanderse has quit [Read error: Connection reset by peer]

10:42 timokau[m] has quit [Write error: Connection reset by peer]

11:04 aanderse has joined #nixos-security

11:20 timokau[m] has joined #nixos-security

11:20 tokudan[m] has joined #nixos-security

11:21 hmpffff has quit [Quit: Bye…]

12:12 aminechikhaoui has quit [Quit: The Lounge - https://thelounge.github.io]

12:17 aminechikhaoui has joined #nixos-security

12:20 ckauhaus[afk] is now known as ckauhaus

12:20 <ckauhaus> globin: patching fails on 4.0.1

13:48 Synthetica has quit [Quit: Connection closed for inactivity]

14:05 <flokli> yes, but how does the code on 4.0.1 look like?

15:08 hmpffff has joined #nixos-security

15:31 filemon_ has joined #nixos-security

15:33 filemon has quit [Ping timeout: 268 seconds]

15:38 filemon__ has joined #nixos-security

15:39 filemon_ has quit [Ping timeout: 265 seconds]

15:40 filemon_ has joined #nixos-security

15:42 filemon__ has quit [Ping timeout: 240 seconds]

15:44 filemon_ has quit [Ping timeout: 240 seconds]

15:45 filemon_ has joined #nixos-security

15:48 filemon__ has joined #nixos-security

15:48 filemon__ has quit [Read error: Connection reset by peer]

15:50 filemon_ has quit [Ping timeout: 265 seconds]

16:31 __Sander__ has quit [Quit: Konversation terminated!]

17:20 hmpffff has quit [Quit: nchrrrr…]

18:31 ris has joined #nixos-security

20:30 FRidh has quit [Quit: Konversation terminated!]

21:23 hmpffff has joined #nixos-security

21:33 ckauhaus has quit [Quit: WeeChat 2.6]

21:54 <ivan> https://github.com/NixOS/nixpkgs/issues/67234#issuecomment-547948346 should look for all similar cases because this could be exploitable