| 26 Mar 2026 |
 ma27 | also checking if 25.11 is affected (I think so). can I target -next-25.11 oder rather staging? | 16:41:01 |
 vcunat | -linux is over 40% rebuilt in there, so unless it's critical... | 17:11:44 |
| vcunat | * -linux is over 40% rebuilt in there, so unless it's critical, I'd choose staging-25.11. | 17:12:00 |
| vcunat | * -linux is over 40% rebuilt in there, so unless it's really urgent, I'd choose staging-25.11. | 17:12:14 |
| vcunat | The description doesn't sound serious to me, at a quick read:
https://sourceware.org/bugzilla/show_bug.cgi?id=34014#c0 | 17:15:27 |
| ma27 | agreed. it's also not even on the 2.40 release branch 🤷 | 17:17:33 |
| vcunat | I honestly don't get it. A prerequisite is that your configured DNS resolver is malicious. And the impact is that answer returned by that resolver is interpreted incorrectly? I guess I'm too tired today? | 17:17:46 |
| 27 Mar 2026 |
 dish [Fox/It/She] | manual backport of the last 3 nats-server releases to fix a few security issues for it on release-25.11 https://github.com/NixOS/nixpkgs/pull/503952 | 04:52:26 |
| dish [Fox/It/She] | (by a few, I mean a lot, there's over 10 issues open from sectracker rn) | 04:52:50 |
| dish [Fox/It/She] | none of the open issues affect master branch since it's on the latest release that has fixes for all known issues that are on nixpkgs' security tracker | 04:55:16 |
| vcunat | I'd say it has security aspects, but no idea about severity:
https://github.com/NixOS/nixpkgs/pull/503869 | 06:20:31 |
| ma27 | grafana security updates: https://github.com/NixOS/nixpkgs/pull/504009, https://github.com/NixOS/nixpkgs/pull/504014 (25.11) | 10:33:43 |
|  Moved to @sashanoraa:matrix.org changed their display name from Sashanoraa.gay (she/her, ze/zir) to Moved to @sashanoraa:matrix.org. | 15:27:45 |
| dish [Fox/It/She] | https://github.com/NixOS/nixpkgs/pull/504174 closes 6 security issues for tandoor-recipes | 17:58:25 |
| 28 Mar 2026 |
 Alyssa Ross | Whether this is an mbedtls security fix depends on how much you trust in ad-hoc identification and workarounds of each instance of a systemic problem, I suppose, but people in here might like to be aware of it https://github.com/NixOS/nixpkgs/pull/504318 | 08:19:38 |
 K900 | Ewwwww | 08:24:30 |
| K900 | That's just UB no? | 08:24:37 |
 emily | https://github.com/wolfSSL/wolfssl/releases/tag/v5.9.0-stable | 18:04:14 |
| emily | three high-severity CVEs and a bunch of others, no PR after ten days 🫠| 18:04:28 |
| emily | it's used in only 9 other packages and I'm about to make that 8. perhaps we should consider dropping. maybe tgerbet has input since he had to do the last update. (but #security-discuss:nixos.org for that ofc) | 18:05:21 |
| emily | oh, very sorry, it was already merged… ignore me | 18:06:26 |
| 29 Mar 2026 |
|  arcayr changed their profile picture. | 11:15:53 |
| 30 Mar 2026 |
|  @rosssmyth:matrix.org joined the room. | 18:03:53 |
|  Samuel Dionne-Riel joined the room. | 21:31:06 |
| 31 Mar 2026 |
|  felixalb joined the room. | 07:37:08 |
|  prince213 joined the room. | 13:05:21 |
| prince213 | https://github.com/NixOS/nixpkgs/pull/505344 | 13:10:37 |
| prince213 | 1 medium | 13:12:14 |
| 1 Apr 2026 |
| dish [Fox/It/She] | https://github.com/jellyfin/jellyfin/releases/tag/v10.11.7 | 01:50:10 |
| dish [Fox/It/She] | 4 security issues fixed, JF team says they're critical to get fixed and details to be released in 14 days | 01:50:52 |
