andi- changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh | Currently supported releases: unstable (master), 20.09, 20.03 (until 27th of November)
ajs124 has quit [Quit: Bridge terminating on SIGTERM]
ajs124 has joined #nixos-security
supersandro2000 has quit [Disconnected by services]
supersandro20000 has joined #nixos-security
justanotheruser has joined #nixos-security
supersandro20000 has quit [Quit: The Lounge - https://thelounge.chat]
supersandro2000 has joined #nixos-security
rajivr has joined #nixos-security
justanotheruser has quit [Ping timeout: 264 seconds]
tv has quit [Ping timeout: 246 seconds]
tv has joined #nixos-security
justanotheruser has joined #nixos-security
justan0theruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 272 seconds]
JJJollyjim has joined #nixos-security
JJJollyjim is now known as Guest67960
Guest67960 has quit [Quit: authenticating]
Guest67960 has joined #nixos-security
Guest67960 has quit [Client Quit]
Guest67960 has joined #nixos-security
cole-h has quit [Ping timeout: 272 seconds]
sphalerite_ is now known as sphalerite
Guest67960 has quit [Quit: authenticating]
Guest67960 has joined #nixos-security
Guest67960 is now known as JJJollyjim
JJJollyjim has quit [Client Quit]
Guest26650 has joined #nixos-security
Guest26650 has quit [Client Quit]
Guest26650 has joined #nixos-security
Guest26650 has quit [Client Quit]
<Foxboron> >Impact: SSL cert not verified by default
<Foxboron> Probably the highlight. In the middle of the list as well :D
<hexa-> yeah
<andi-> python and not validating certs properly. Who would have guessed :D (You have to do all kinds of validation as the library doesn't do anything besides "is signed and not expired")
<ajs124> At least they're getting themselves a CVE, unlike some projects.
<Foxboron> They are used in enterprise environments so they would loose quite a bit of money if they didn't
<ajs124> Seems like inverse inc (the people developing the SOGo groupware) never got that memo
cole-h has joined #nixos-security
justanotheruser has joined #nixos-security
justan0theruser has quit [Ping timeout: 272 seconds]
rajivr has quit [Quit: Connection closed for inactivity]
justan0theruser has joined #nixos-security
justanotheruser has quit [Ping timeout: 260 seconds]
justanotheruser has joined #nixos-security
justan0theruser has quit [Ping timeout: 272 seconds]
cole-h has quit [Ping timeout: 265 seconds]