gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
<aanderse> so i'm a bit confused here
<aanderse> release notes say
<aanderse> mariadb 10.3.19 has fixes for CVE-2019-2974 and CVE-2019-2938
<aanderse> but if i look at the cvs
<aanderse> they mention mysql version only, not mariadb
ris has quit [Ping timeout: 252 seconds]
fpletz has quit [Quit: ^D]
fpletz has joined #nixos-security
<IdleBot_51f8eb57> aanderse: given the shared code origin, if MariaDB says it is applicable, I would believe them and assume original reporter did not bother to check
<ivan> cool, https://chromereleases.googleblog.com/feeds/posts/default stopped updating without notice and I missed a release from Nov 6
ckauhaus[afk] is now known as ckauhaus
<ckauhaus> aanderse: NVD doesn't get it right from time to time
<ckauhaus> I'd trust the developers more than NIST
tilpner_ is now known as tilpner
<IdleBot_51f8eb57> Hard to say one side is always more reliable, but explicit claim of presence beats the observation of omission
__Sander__ has joined #nixos-security
<ckauhaus> true
<ckauhaus> my experience is that NIST data is of poor quality in many cases - I won't say that we'd distrust them at all time, but a bit a scepticism is appropriate
__Sander__ has quit [Ping timeout: 268 seconds]
vesper has quit [Ping timeout: 240 seconds]
vesper11 has joined #nixos-security
<Foxboron> I would say "incomplete" instead of "poor quality"
<Foxboron> That mariadb is also affected by mysql issues isn't something NIST includes unless it's reported with that information
<aanderse> Thanks all!
__Sander__ has joined #nixos-security
timokau[m] has quit [Read error: Connection reset by peer]
nh2[m] has quit [Write error: Connection reset by peer]
aanderse has quit [Read error: Connection reset by peer]
tokudan[m] has quit [Remote host closed the connection]
kgz has quit [Ping timeout: 250 seconds]
kgz has joined #nixos-security
nh2[m] has joined #nixos-security
timokau[m] has joined #nixos-security
tokudan[m] has joined #nixos-security
aanderse has joined #nixos-security
FRidh has joined #nixos-security
ckauhaus has quit [Quit: WeeChat 2.6]
__Sander__ has quit [Quit: Konversation terminated!]
ris has joined #nixos-security
FRidh has quit [Quit: Konversation terminated!]
<andi-> Video summaries for security patches o.O
<gchristensen> http://tpm.fail/
ris has quit [Ping timeout: 240 seconds]
ris has joined #nixos-security
<andi-> ok, that might have been the dell firmware update that I got today.
<gchristensen> oh interesting
<gchristensen> how did you apply that update, andi-?
<andi-> gchristensen: fwupd
<gchristensen> cool
<gchristensen> I think dell sends *most* but not all firmware updates through that
<andi-> it updated the thunderbolt controller and some system firmware. It might just have bee the case that I missed the update after the mainboard was replaced last week.
<andi-> will check that