#nixos-security on 2019-11-12

2019-04-23 19:29 gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh

01:22 <aanderse> so i'm a bit confused here

01:22 <aanderse> https://mariadb.com/kb/en/library/mariadb-10319-release-notes/

01:22 <aanderse> release notes say

01:22 <aanderse> mariadb 10.3.19 has fixes for CVE-2019-2974 and CVE-2019-2938

01:22 <aanderse> but if i look at the cvs

01:22 <aanderse> they mention mysql version only, not mariadb

01:25 ris has quit [Ping timeout: 252 seconds]

01:38 fpletz has quit [Quit: ^D]

03:17 fpletz has joined #nixos-security

05:48 <IdleBot_51f8eb57> aanderse: given the shared code origin, if MariaDB says it is applicable, I would believe them and assume original reporter did not bother to check

07:33 <ivan> cool, https://chromereleases.googleblog.com/feeds/posts/default stopped updating without notice and I missed a release from Nov 6

07:45 ckauhaus[afk] is now known as ckauhaus

07:45 <ckauhaus> aanderse: NVD doesn't get it right from time to time

07:46 <ckauhaus> I'd trust the developers more than NIST

07:48 tilpner_ is now known as tilpner

08:03 <IdleBot_51f8eb57> Hard to say one side is always more reliable, but explicit claim of presence beats the observation of omission

08:35 __Sander__ has joined #nixos-security

08:59 <ckauhaus> true

09:00 <ckauhaus> my experience is that NIST data is of poor quality in many cases - I won't say that we'd distrust them at all time, but a bit a scepticism is appropriate

10:06 __Sander__ has quit [Ping timeout: 268 seconds]

10:30 vesper has quit [Ping timeout: 240 seconds]

10:31 vesper11 has joined #nixos-security

11:07 <Foxboron> I would say "incomplete" instead of "poor quality"

11:08 <Foxboron> That mariadb is also affected by mysql issues isn't something NIST includes unless it's reported with that information

11:53 <aanderse> Thanks all!

12:09 __Sander__ has joined #nixos-security

12:39 timokau[m] has quit [Read error: Connection reset by peer]

12:39 nh2[m] has quit [Write error: Connection reset by peer]

12:39 aanderse has quit [Read error: Connection reset by peer]

12:39 tokudan[m] has quit [Remote host closed the connection]

12:43 kgz has quit [Ping timeout: 250 seconds]

12:46 kgz has joined #nixos-security

13:25 nh2[m] has joined #nixos-security

13:25 timokau[m] has joined #nixos-security

13:26 tokudan[m] has joined #nixos-security

13:26 aanderse has joined #nixos-security

14:06 FRidh has joined #nixos-security

16:41 ckauhaus has quit [Quit: WeeChat 2.6]

16:50 __Sander__ has quit [Quit: Konversation terminated!]

19:02 ris has joined #nixos-security

19:07 <pie_> https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/

20:13 FRidh has quit [Quit: Konversation terminated!]

20:39 <andi-> Video summaries for security patches o.O

21:25 <gchristensen> http://tpm.fail/

21:46 ris has quit [Ping timeout: 240 seconds]

21:47 ris has joined #nixos-security

22:08 <andi-> ok, that might have been the dell firmware update that I got today.

22:28 <gchristensen> oh interesting

22:29 <gchristensen> how did you apply that update, andi-?

22:29 <andi-> gchristensen: fwupd

22:29 <gchristensen> cool

22:29 <gchristensen> I think dell sends *most* but not all firmware updates through that

22:30 <andi-> it updated the thunderbolt controller and some system firmware. It might just have bee the case that I missed the update after the mainboard was replaced last week.

22:30 <andi-> will check that