#nixos-security on 2021-02-26

2020-11-04 15:50 andi- changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh | Currently supported releases: unstable (master), 20.09, 20.03 (until 27th of November)

00:04 ajs124 has quit [Quit: Bridge terminating on SIGTERM]

00:05 ajs124 has joined #nixos-security

00:43 supersandro2000 has quit [Disconnected by services]

00:43 supersandro20000 has joined #nixos-security

01:07 justanotheruser has joined #nixos-security

01:38 supersandro20000 has quit [Quit: The Lounge - https://thelounge.chat]

01:38 supersandro2000 has joined #nixos-security

02:08 rajivr has joined #nixos-security

03:18 justanotheruser has quit [Ping timeout: 264 seconds]

03:31 tv has quit [Ping timeout: 246 seconds]

03:33 tv has joined #nixos-security

04:06 justanotheruser has joined #nixos-security

05:15 justan0theruser has joined #nixos-security

05:18 justanotheruser has quit [Ping timeout: 272 seconds]

07:27 JJJollyjim has joined #nixos-security

07:27 JJJollyjim is now known as Guest67960

07:46 Guest67960 has quit [Quit: authenticating]

07:46 Guest67960 has joined #nixos-security

07:46 Guest67960 has quit [Client Quit]

07:46 Guest67960 has joined #nixos-security

08:20 cole-h has quit [Ping timeout: 272 seconds]

08:22 sphalerite_ is now known as sphalerite

09:44 Guest67960 has quit [Quit: authenticating]

09:45 Guest67960 has joined #nixos-security

09:45 Guest67960 is now known as JJJollyjim

09:45 JJJollyjim has quit [Client Quit]

09:45 Guest26650 has joined #nixos-security

09:47 Guest26650 has quit [Client Quit]

09:47 Guest26650 has joined #nixos-security

09:47 Guest26650 has quit [Client Quit]

09:58 <hexa-> https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/

10:05 <Foxboron> >Impact: SSL cert not verified by default

10:05 <Foxboron> Probably the highlight. In the middle of the list as well :D

10:37 <hexa-> yeah

13:40 <andi-> python and not validating certs properly. Who would have guessed :D (You have to do all kinds of validation as the library doesn't do anything besides "is signed and not expired")

13:50 <ajs124> At least they're getting themselves a CVE, unlike some projects.

13:53 <Foxboron> They are used in enterprise environments so they would loose quite a bit of money if they didn't

14:18 <ajs124> Seems like inverse inc (the people developing the SOGo groupware) never got that memo

17:32 cole-h has joined #nixos-security

18:09 justanotheruser has joined #nixos-security

18:09 justan0theruser has quit [Ping timeout: 272 seconds]

18:14 rajivr has quit [Quit: Connection closed for inactivity]

21:05 justan0theruser has joined #nixos-security

21:09 justanotheruser has quit [Ping timeout: 260 seconds]

21:48 justanotheruser has joined #nixos-security

21:51 justan0theruser has quit [Ping timeout: 272 seconds]

22:16 cole-h has quit [Ping timeout: 265 seconds]