!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

656 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22203 Servers

Load older messages

SenderMessageTime
5 Dec 2025
@hexa:lossy.networkhexahttps://github.com/hedgedoc/hedgedoc/releases/tag/1.10.423:31:38
@hexa:lossy.networkhexahttps://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53 urllib3 (mine)23:31:57
6 Dec 2025
@mdaniels5757:matrix.orgmdaniels5757Already handled: https://github.com/NixOS/nixpkgs/pull/467201, https://github.com/NixOS/nixpkgs/pull/467287, and backports.02:06:34
7 Dec 2025
@robert:funklause.dedotlambdahttps://github.com/NixOS/nixpkgs/pull/460222 doesn't have a backport to 25.05 yet05:23:54
8 Dec 2025
@annaaurora:artemislena.eu@annaaurora:artemislena.eu changed their display name from Anna Aurora 🏴‍☠️ to Anna Aurora (superseded by: @anna:annaaurora.eu).09:21:12
@annaaurora:artemislena.eu@annaaurora:artemislena.eu left the room.09:26:19
@hexa:lossy.networkhexahttps://www.openwall.com/lists/oss-security/2025/12/08/1 pdns-recursor14:30:39
@hexa:lossy.networkhexa* https://www.openwall.com/lists/oss-security/2025/12/08/1 pdns-recursor (@rnhmjoj)14:30:56
@teutat3s:pub.solarteutat3shttps://docs.docker.com/engine/release-notes/28/ docker 28.5.2 fixes "three high-severity security vulnerabilities in runc": CVEs CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 https://github.com/NixOS/nixpkgs/pull/46900414:43:21
@hexa:lossy.networkhexahttps://seclists.org/oss-sec/2025/q4/253 c-ares17:32:26
@hexa:lossy.networkhexaRedacted or Malformed Event17:32:45
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/46904120:51:42
9 Dec 2025
@hexa:lossy.networkhexaRedacted or Malformed Event01:01:16
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/45594301:01:40
@hexa:lossy.networkhexahttps://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr501:02:19
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/46913001:02:25
@robert:funklause.dedotlambdaNot sure if we have more users of Magick.NET: https://github.com/NixOS/nixpkgs/pull/46916303:20:39
@adam:robins.wtfadamcstephens changed their profile picture.17:25:10
@adam:robins.wtfadamcstephens changed their profile picture.17:48:30
@not-jack:matrix.orgnot-jack joined the room.18:32:04
10 Dec 2025
@robert:funklause.dedotlambdaCVE-2025-66512 fixed in the yet to be released Nextcloud versions 31.0.12 and 32.0.3: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qcw2-p26m-9gc502:59:46
@adam:robins.wtfadamcstephens changed their profile picture.14:49:51
@hexa:lossy.networkhexahttps://seclists.org/oss-sec/2025/q4/256 exim pre-advisory15:32:33
11 Dec 2025
@mdaniels5757:matrix.orgmdaniels5757https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html21:43:07
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pull/469903 chromium21:46:25
@hexa:lossy.networkhexahttps://github.com/NixOS/nixpkgs/pulls?q=sort%3Aupdated-desc+is%3Apr+%22google-chrome%3A+%22+is%3Amerged+in%3Atitle+base%3Amaster+ google-chrome looks r-ryantm maintained these last months 🫠21:48:33
12 Dec 2025
@whispers:catgirl.cloudwhispers (it/fae) changed their profile picture.04:51:21
@emilazy:matrix.orgemilythis has come up several times, right? may be time for the drop13:14:48
@emilazy:matrix.orgemily cc @me:indeednotjames.com I suppose 13:15:07
@emilazy:matrix.orgemily(oh, this is triage room. didn't mean to imply responsibility)13:15:44

There are no newer messages yet.

Back to Room ListRoom Version: 6