#nixos-security on 2020-03-12

2019-04-23 19:29 gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh

00:32 kleisli has joined #nixos-security

01:25 anselmolsm has quit [Quit: Konversation terminated!]

02:13 _ris has joined #nixos-security

02:15 ris has quit [Ping timeout: 258 seconds]

02:43 infinisil has quit [Ping timeout: 256 seconds]

02:46 justanotheruser has quit [Ping timeout: 265 seconds]

02:53 infinisil has joined #nixos-security

03:21 <danderson> libsass 2xCVE fix: https://github.com/NixOS/nixpkgs/pull/82377

03:21 <{^_^}> #82377 (by danderson, 31 minutes ago, open): libsass: 3.6.1 -> 3.6.3

03:21 <danderson> unfortunately triggers a very large rebuild, and needs ports to 19.09 and 20.03.

03:22 infinisil has quit [Ping timeout: 256 seconds]

03:24 justanotheruser has joined #nixos-security

03:38 infinisil has joined #nixos-security

04:25 _ris has quit [Ping timeout: 258 seconds]

06:05 <danderson> if anyone with issue tracker permissions has a moment, could you go over this list: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%221.severity%3A+security%22+sort%3Aupdated-desc+commenter%3Adanderson

06:06 <danderson> I've been triaging and a lot of those issues can be closed. I commented on those that should be closed.

06:06 <danderson> (it's not all this list, but most of the issues in that list have a comment where I explain why it should be closed. Usually already patched or not applicable.

08:11 FRidh has joined #nixos-security

10:15 kleisli_ has joined #nixos-security

10:17 kleisli has quit [Ping timeout: 260 seconds]

10:27 kleisli has joined #nixos-security

10:28 kleisli_ has quit [Ping timeout: 255 seconds]

10:48 kleisli has quit [Ping timeout: 256 seconds]

16:09 FRidh has quit [Remote host closed the connection]

16:10 FRidh has joined #nixos-security

16:20 anselmolsm has joined #nixos-security

16:24 anselmolsm_ has joined #nixos-security

16:26 anselmolsm has quit [Ping timeout: 256 seconds]

16:29 anselmolsm has joined #nixos-security

16:33 anselmolsm_ has quit [Ping timeout: 260 seconds]

16:35 <danderson> Reminder, in a new timezone: could someone with issue tracker permissions go through https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%221.severity%3A+security%22+sort%3Aupdated-desc+commenter%3Adanderson and close the bugs where my last comment says the bug can be closed?

16:35 <danderson> It should be 10-12 of the 14 bugs. Lots of n/a or already fixed CVE alerts.

16:37 <danderson> (or give me permissions to edit issues, if that's separable from commit access, and I'll close obsolete bugs myself :) )

16:38 kleisli has joined #nixos-security

17:25 anselmolsm has quit [Ping timeout: 256 seconds]

18:12 anselmolsm has joined #nixos-security

18:15 anselmolsm_ has joined #nixos-security

18:18 anselmolsm has quit [Ping timeout: 240 seconds]

18:42 _ris has joined #nixos-security

19:28 <andi-> danderson: I'll try to do that laster tonight or tomorrow morning

19:28 <andi-> (EU TZ)

19:30 <danderson> andi-: thanks!

19:54 FRidh has quit [Quit: Konversation terminated!]

22:05 kleisli has quit [Ping timeout: 255 seconds]

22:53 kleisli has joined #nixos-security

23:11 <andi-> https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html & https://github.com/NixOS/nixpkgs/pull/80492#issuecomment-598471799

23:14 <danderson> Yay! If nobody beats me to it, I'll prepare backport PRs tonight after work.

23:15 <danderson> Is there a bug open to track?

23:15 <andi-> not yet just opened my mail after a few hours of other stuff..

23:16 <danderson> heh, sorry for enthusiasm. I'll be back in a couple hours

23:47 <andi-> I'll head to bed and be back in ~9h or so... hope to have some time to go throught the current issues then