#nixos-security on 2020-11-27

2020-11-04 15:50 andi- changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh | Currently supported releases: unstable (master), 20.09, 20.03 (until 27th of November)

00:06 rajivr has joined #nixos-security

01:52 bridge[evilred] has joined #nixos-security

01:53 ris has quit [Ping timeout: 246 seconds]

02:00 star_cloud has quit [Remote host closed the connection]

02:01 star_cloud has joined #nixos-security

02:11 star_cloud has quit [Excess Flood]

02:12 star_cloud has joined #nixos-security

02:24 {`-`} has joined #nixos-security

04:43 kalbasit has joined #nixos-security

06:01 kalbasit has quit [Ping timeout: 240 seconds]

08:21 FRidh has joined #nixos-security

09:03 tokudan has quit [Read error: Connection reset by peer]

09:04 tokudan has joined #nixos-security

09:04 blitzclone[m] has quit [Ping timeout: 260 seconds]

09:04 blitzclone[m] has joined #nixos-security

13:28 justanotheruser has quit [Ping timeout: 264 seconds]

14:18 dstzd has quit [Quit: ZNC - https://znc.in]

14:18 dstzd has joined #nixos-security

15:09 star_cloud has quit [Remote host closed the connection]

15:09 star_cloud has joined #nixos-security

15:19 star_cloud has quit [Excess Flood]

15:20 star_cloud has joined #nixos-security

15:47 justanotheruser has joined #nixos-security

15:48 <hexa-> https://github.com/NixOS/nixpkgs/pull/105157

15:48 <{^_^}> #105157 (by mweinelt, 10 seconds ago, open): libslirp: fix CVE-2020-29129

16:11 FRidh has quit [Ping timeout: 264 seconds]

16:12 FRidh has joined #nixos-security

16:40 justanotheruser has quit [Ping timeout: 264 seconds]

17:47 star_cloud has quit [Remote host closed the connection]

17:47 star_cloud has joined #nixos-security

17:57 star_cloud has quit [Excess Flood]

17:58 star_cloud has joined #nixos-security

18:35 rajivr has quit [Quit: Connection closed for inactivity]

18:40 MichaelRaskin has joined #nixos-security

18:52 ris has joined #nixos-security

19:39 <hexa-> 20.03 EOL

19:51 <hexa-> closed #102838 #102762 102708, because of EOL and they were not in a state to be mmerged

19:51 <{^_^}> https://github.com/NixOS/nixpkgs/pull/102838 (by redvers, 3 weeks ago, closed): [20.03] ant: 1.10.2 -> 1.10.9 [20.03]

19:51 <{^_^}> https://github.com/NixOS/nixpkgs/pull/102762 (by redvers, 3 weeks ago, closed): [20.03] zsh: 5.7.1 -> 5.8

20:21 FRidh has quit [Quit: Konversation terminated!]

20:37 <hexa-> can someone look into https://github.com/NixOS/nixpkgs/pull/104189 please?

20:37 <{^_^}> #104189 (by mweinelt, 1 week ago, open): [staging-20.09] openldap: 2.4.51 -> 2.4.56

21:18 kalbasit has joined #nixos-security

21:36 julm has quit [Ping timeout: 256 seconds]

21:37 julm has joined #nixos-security

21:50 <hexa-> https://github.com/NixOS/nixpkgs/pull/101608#issuecomment-734996298

21:50 <hexa-> sad :<

21:52 kalbasit has quit [Ping timeout: 256 seconds]

22:14 <infinisil> :/

23:23 <simpson> Heh. Understandable.

23:29 <hexa-> this relates to #105157, which won't apply to qemu until we apply #101608, and would need to be patch separately

23:29 <{^_^}> https://github.com/NixOS/nixpkgs/pull/105157 (by mweinelt, 7 hours ago, open): libslirp: fix CVE-2020-29129

23:29 <{^_^}> https://github.com/NixOS/nixpkgs/pull/101608 (by zowoq, 4 weeks ago, closed): qemu: use shared libslirp instead of vendored

23:30 <simpson> Probably should either redo that PR series or somehow convince zowoq that they're a valued contributor. I know which is easier~