gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
rajivr has joined #nixos-security
kleisli has joined #nixos-security
kleisli has quit [Ping timeout: 260 seconds]
kleisli has joined #nixos-security
FRidh has joined #nixos-security
justanotheruser has quit [Ping timeout: 260 seconds]
LnL has quit [Ping timeout: 256 seconds]
kleisli has quit [Ping timeout: 260 seconds]
<ris> #95499
<{^_^}> https://github.com/NixOS/nixpkgs/pull/95499 (by risicle, 2 minutes ago, open): pythonPackages.asyncpg: 0.20.1 -> 0.21.0 (fixing CVE-2020-17446)
MichaelRaskin has joined #nixos-security
<hexa-> not yet disclosed at mitre/nvd etc.
<hexa-> against net-snmp
<ris> what with the 20.09 freeze approaching, i guess the most productive thing to do is to check for CVEs in master that can be fixed by version bumps, save us from having to go down the patching route once they get into stable
justanotheruser has joined #nixos-security
FRidh has quit [Quit: Konversation terminated!]
rajivr has quit [Quit: Connection closed for inactivity]
<ris> #95518
<{^_^}> https://github.com/NixOS/nixpkgs/pull/95518 (by risicle, 2 minutes ago, open): [r20.03] pythonPackages.asyncpg: add patch for CVE-2020-17446
kleisli has joined #nixos-security
kleisli has quit [Ping timeout: 244 seconds]
kleisli has joined #nixos-security
kleisli has quit [Quit: Leaving]
<ris> #95537
<{^_^}> https://github.com/NixOS/nixpkgs/pull/95537 (by risicle, 23 seconds ago, open): sigil: 0.9.14 -> 1.3.0, addressing CVE-2019-14452
<hexa-> someone is on fire