andi- changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh | Currently supported releases: unstable (master), 20.09, 20.03 (until 27th of November)
ris has quit [Ping timeout: 264 seconds]
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-security
rajivr has joined #nixos-security
<{^_^}> #115472 (by TredwellGit, 26 minutes ago, open): glibc: 2.32-37 -> 2.32-39
<hexa-> hm
<hexa-> >> The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
<hexa-> doesn't sound too bad
<hexa-> the diff for the 2-32-master.patch.gz is "Empty file"
<hexa-> uh-huh
{`-`} is now known as {`-`}_
{`-`}_ has joined #nixos-security
asymmetric_ has joined #nixos-security
Willi_Butz has joined #nixos-security
^_ has joined #nixos-security
migy has joined #nixos-security
danderson has quit [*.net *.split]
flx has quit [*.net *.split]
WilliButz has quit [*.net *.split]
lassulus has quit [*.net *.split]
tv has quit [*.net *.split]
V has quit [*.net *.split]
maljub01 has quit [*.net *.split]
asymmetric has quit [*.net *.split]
{`-`} has quit [*.net *.split]
asymmetric_ is now known as asymmetric
maljub012 is now known as maljub01
tv has joined #nixos-security
lassulus has joined #nixos-security
danderson has joined #nixos-security
Foxboron has quit [Ping timeout: 260 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 245 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 245 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 260 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 264 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 264 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 264 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 265 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 264 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 264 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 265 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 264 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 246 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 245 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 264 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 276 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 245 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 246 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 264 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 276 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 265 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 265 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 246 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 256 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 245 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 246 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 245 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 246 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 264 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 245 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 264 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 245 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 246 seconds]
Foxboron has joined #nixos-security
Foxboron has quit [Ping timeout: 264 seconds]
Foxboron has joined #nixos-security
cole-h has quit [Ping timeout: 260 seconds]
^_ is now known as V
IdleBot_1c746da8 has joined #nixos-security
edef has quit [Ping timeout: 272 seconds]
edef has joined #nixos-security
IdleBot_9d07f448 has quit [Ping timeout: 272 seconds]
<simpson> Hm. If this keeps happening when folks look under the hood of any C application... Maybe the Qubes folks were onto something.
<gchristensen> yeah like maybe the answer isn't to decide to sandbox individual programs when they're found to behave badly
<simpson> By coincidence, https://lobste.rs/s/3efzcx/half_curl_s_vulnerabilities_are_c is at the top of Lobsters.
<hexa-> we already marked p7zip as insecure, abandoned and unfree back in 2020/04
<gchristensen> nice
<hexa-> when you have to pull security fixes from a community forum from posts by arbitrary people
<andi-> Are you saying GitHub PRs? :P
<andi-> (that are never merged)
<hexa-> uh
<hexa-> nice
<hexa-> at least you can fetchpatch them :P
<andi-> Should have the same level of scrunity tho..
<hexa-> yep
ris has joined #nixos-security
rajivr has quit [Quit: Connection closed for inactivity]
<supersandro2000> arch uses https://github.com/jinfeihan57/p7zip
<supersandro2000> maybe a bit better than really bad
<andi-> Foxboron can probably comment on that
<Foxboron> yooo
<Foxboron> I can ask evangelos for why they used that fork if it helps :)
<supersandro2000> so only darwin with apfs and windows should be affected.
<Foxboron> anyone mounting ntfs under linux as well?
justanotheruser has quit [Ping timeout: 272 seconds]
justanotheruser has joined #nixos-security
cole-h has joined #nixos-security