#nixos-security on 2020-09-03

2019-04-23 19:29 gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh

00:37 ris has quit [Ping timeout: 258 seconds]

01:26 tldr32 has quit [Ping timeout: 256 seconds]

01:38 rajivr has joined #nixos-security

04:00 tldr32 has joined #nixos-security

05:03 justanotheruser has quit [Quit: WeeChat 2.7.1]

05:04 justanotheruser has joined #nixos-security

05:21 justanotheruser has quit [Quit: WeeChat 2.7.1]

05:22 justanotheruser has joined #nixos-security

06:50 justanotheruser has quit [Ping timeout: 265 seconds]

16:13 justanotheruser has joined #nixos-security

17:03 ris has joined #nixos-security

17:58 justanotheruser has quit [Ping timeout: 256 seconds]

18:25 * ris is getting tempted to merge #96196 without any approval as it's been kicking around a bit now

18:25 <{^_^}> https://github.com/NixOS/nixpkgs/pull/96196 (by risicle, 1 week ago, open): [20.03] ghostscript: add patch for CVE-2020-15900

18:25 <ris> along with the rest of my simple backports

18:26 <ris> actually #95990 is a big rebuild

18:26 <{^_^}> https://github.com/NixOS/nixpkgs/pull/95990 (by risicle, 1 week ago, open): [20.03] nghttp2: add patch for CVE-2020-11080

18:27 <ris> and #95102 isn't particularly straightforward

18:27 <{^_^}> https://github.com/NixOS/nixpkgs/pull/95102 (by risicle, 3 weeks ago, open): [20.03] openexr,imlbase: 2.3.0 -> 2.4.2 to fix numerous security issues

18:35 justanotheruser has joined #nixos-security

18:37 rajivr has quit [Quit: Connection closed for inactivity]

18:48 sphalerite has quit [Quit: WeeChat 2.6]

18:58 sphalerite has joined #nixos-security

20:25 <tokudan> #97044 fixes a critical issue in gnupg in master. according to the announce email, older versions as in 20.03 are not affected.

20:25 <{^_^}> https://github.com/NixOS/nixpkgs/pull/97044 (by tokudan, 59 seconds ago, open): gnupg: 2.2.21 -> 2.2.23 [security]

20:25 <tokudan> announcement email: https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html

20:53 <tokudan> seems that there's already a similar PR in #97034, not sure what the best PR to merge is

20:53 <{^_^}> https://github.com/NixOS/nixpkgs/pull/97034 (by doronbehar, 2 hours ago, open): gnupg: 2.2.22 -> 2.2.23

21:17 tokudan has quit [Remote host closed the connection]

21:20 tokudan has joined #nixos-security

21:21 tokudan has quit [Remote host closed the connection]

21:22 tokudan has joined #nixos-security

22:38 julm has quit [Ping timeout: 260 seconds]

23:06 julm has joined #nixos-security