#nixos-security on 2021-04-19

2020-11-04 15:50 andi- changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh | Currently supported releases: unstable (master), 20.09, 20.03 (until 27th of November)

00:17 star_cloud has quit [Ping timeout: 240 seconds]

00:23 <supersandro2000> NVD rates it a 9.8 but gnutls has a low severity https://nvd.nist.gov/vuln/detail/CVE-2021-20231

00:26 star_cloud has joined #nixos-security

00:38 * lukegb I guess we need to pull in https://gitlab.com/gnutls/gnutls/-/commit/15beb4b193b2714d88107e7dffca781798684e7e

00:39 <lukegb> or just bump to 3.7.1, I guess

00:39 <lukegb> which we're... already at?

00:46 jpo has quit [Ping timeout: 268 seconds]

00:47 jpo has joined #nixos-security

01:26 <supersandro2000> yeah. Didn't check that. I thought when the CVE is from today it surely isn't fixed yet.

02:56 supersandro2000 has quit [Remote host closed the connection]

02:57 supersandro2000 has joined #nixos-security

03:49 rajivr has joined #nixos-security

05:54 cole-h has quit [Ping timeout: 252 seconds]

06:18 cjb has quit []

09:19 Synthetica has joined #nixos-security

11:40 <hexa-> openssh 8.6 is out

11:41 <hexa-> supersandro2000: NVD Published Date:

11:41 <hexa-> 03/12/2021

11:41 <hexa-> not sure how it is "from today"

11:54 <hexa-> https://www.openwall.com/lists/oss-security/2021/04/19/1

11:54 <hexa-> Subject: Announce: OpenSSH 8.6 released

12:07 <hexa-> https://access.redhat.com/security/cve/cve-2021-20297

12:07 <hexa-> > A flaw was found in NetworkManager. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.

12:07 <{^_^}> error: syntax error, unexpected IN, expecting ')', at (string):494:18

12:11 <hexa-> updating to 1.30.4 on master

12:19 star_cloud has quit [Ping timeout: 246 seconds]

12:33 <hexa-> and 1.26.8 on release-20.09

14:47 star_cloud has joined #nixos-security

15:36 <supersandro2000> hexa-: 🤦 read the wrong date. derp

17:24 rajivr has quit [Quit: Connection closed for inactivity]

18:02 cole-h has joined #nixos-security

18:21 star_cloud has quit [Ping timeout: 260 seconds]

18:33 star_cloud has joined #nixos-security

20:37 midchildan has quit [Ping timeout: 250 seconds]

20:38 nh2 has quit [Ping timeout: 245 seconds]

20:39 midchildan has joined #nixos-security

20:39 nh2 has joined #nixos-security

23:05 <hexa-> clamav backports https://github.com/NixOS/nixpkgs/pull/119909

23:05 <{^_^}> #119909 (by mweinelt, 1 minute ago, open): [20.09] clamav: 0.102.4 -> 0.103.2

23:29 Synthetica has quit [Quit: Connection closed for inactivity]

23:34 cjb has joined #nixos-security

23:38 supersandro2000 is now known as Guest61649

23:38 Guest61649 has quit [Killed (hitchcock.freenode.net (Nickname regained by services))]

23:38 supersandro2000 has joined #nixos-security