andi- changed the topic of #nixos-security to: Vulnerability Roundup Issues: + | Currently supported releases: unstable (master), 20.09, 20.03 (until 27th of November)
star_cloud has quit [Ping timeout: 240 seconds]
ris has quit [Ping timeout: 265 seconds]
rajivr has joined #nixos-security
cjb has quit []
star_cloud has joined #nixos-security
FRidh has joined #nixos-security
FRidh has quit [Quit: Konversation terminated!]
cole-h has quit [Ping timeout: 268 seconds]
justanotheruser has quit [Ping timeout: 258 seconds]
Raito_Bezarius has quit [Ping timeout: 258 seconds]
Raito_Bezarius has joined #nixos-security
cole-h has joined #nixos-security
ris has joined #nixos-security
rajivr has quit [Quit: Connection closed for inactivity]
justanotheruser has joined #nixos-security
stigo has quit [Quit: stigo]
stigo has joined #nixos-security
star_cloud has quit [Remote host closed the connection]
star_cloud has joined #nixos-security
star_cloud has quit [Excess Flood]
star_cloud has joined #nixos-security
<ris> considering what to do about - think we'll have to bump httplib2 0.18.1 -> 0.19.0 in 20.09, as the fix for it is... to convert the entire auth header parsing to pyparsing, so there's really no fix other than the big bump
<ris> though it's just a ReDoS, i've got to raise an eyebrow at it being scored 7.5 HIGH
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixos-security
<supersandro2000> they self rated it a medium on github
<hexa-> so be it
<hexa-> unless someone starts paying us for it we'are handling things best effort
<hexa-> this isn't even funny anymore
<{^_^}> python-pillow/Pillow#5377 (by hugovk, 7 hours ago, merged): Security fixes for 8.2.0
<supersandro2000> six more CVEs 😄
<supersandro2000> > This library provides extensive file format support, an efficient internal representation, and fairly powerful image processing capabilities.
<supersandro2000> and extensive bugs apparently
<{^_^}> error: syntax error, unexpected ',', expecting ')', at (string):493:52
cjb has joined #nixos-security
<ris> holy mother of god
supersandro2000 has quit [Remote host closed the connection]
supersandro2000 has joined #nixos-security
<ris> well.. at least they are all just dos
<ris> i'll prepare an 8.2.0 PR
<hexa-> thank you
<hexa-> curl 7.75.0 already breaks nix test
<hexa-> needs someone familiar with what nix-channel does with curl
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-security