gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
Synthetica has quit [Quit: Connection closed for inactivity]
ris has quit [Ping timeout: 258 seconds]
FRidh has quit [Quit: Konversation terminated!]
FRidh has joined #nixos-security
zarel has quit [Quit: ZNC 1.7.4 - https://znc.in]
zarel has joined #nixos-security
filemo8 has joined #nixos-security
filemo8 has quit [K-Lined]
<fpletz> while working on building all packages with the new gcc9 stack clash protection flag, I found this comprehensive post from red hat about gcc hardening flags and which ones they are using: https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc/
<fpletz> probably of interest for some people in here :)
<gchristensen> oh nice, fpletz!
<tokudan[m]> I see that firefox has been updated, but firefox-bin is still missing the fix
<tokudan[m]> I see an update.nix containing an update script... but how do I use it?
Synthetica has joined #nixos-security
<tokudan[m]> found it, i'll open a PR in a minute
<{^_^}> #77373 (by tokudan, 7 minutes ago, open): firefox-bin: 72.0 -> 72.0.1 [security] CVE-2019-17026
<{^_^}> #77374 (by tokudan, 2 minutes ago, open): firefox-bin: 72.0 -> 72.0.1 [security] CVE-2019-17026 [19.09]
<tokudan[m]> yep, just created those
<flokli> ^ andi-
<andi-> can't review them right now
<tokudan[m]> effectively it's only a version number change and updated checksums. the 19.09 version is working on my system, so I guess they're pretty much safe to merge
zarel has quit [Ping timeout: 240 seconds]
zarel has joined #nixos-security
{^_^} has quit [Remote host closed the connection]
{^_^} has joined #nixos-security
FRidh has quit [Quit: Konversation terminated!]
Synthetica has quit [Quit: Connection closed for inactivity]
ris has joined #nixos-security
justanotheruser has quit [Ping timeout: 258 seconds]
justanotheruser has joined #nixos-security