Description: Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Description: Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
rajivr has quit [Quit: Connection closed for inactivity]
rajivr has joined #nixos-security
supersandro2000 has quit [Quit: Ping timeout (120 seconds)]
supersandro2000 has joined #nixos-security
cole-h has joined #nixos-security
fabian_a has joined #nixos-security
I noticed that gitlab is somewhat stale in 20.09. It's at 13.6.1 with the current minor version is 13.6.7 which includes security fixes. :( the gitlab-runner is at an even older version. Is the right path here to backport major version upgrades from unstable or to bump the minor versions to the latest we get?
security related things like firefox or synapse the matrix server regularly get security backports
if the gitlab updates are non breaking to existing installations I would try to contact the maintainers and coordinate that
backports are often forgotten because they need to be done manually and many developers are on unstable and do not notice it
ckauhaus has joined #nixos-security
cole-h has quit [Ping timeout: 260 seconds]
fabian_a has quit [Quit: Leaving]
faffolter has joined #nixos-security
julianst[m]: gitlab updates always were a big chunk of manual labor. The updater helped with that, but most of the time, whatever update on master happened was backported to the release branch. I think mostly due to the lack of time to maintain a second "stable" track