!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

656 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22204 Servers

Load older messages

SenderMessageTime
2 Dec 2025
@hexa:lossy.networkhexa if we cannot fix them we tend to mark as vulnerable, yes. better kept in #security-discuss:nixos.org 22:42:28
@hexa:lossy.networkhexahttps://seclists.org/oss-sec/2025/q4/22822:50:38
@hexa:lossy.networkhexa* https://seclists.org/oss-sec/2025/q4/228 vim 22:50:52
@hexa:lossy.networkhexa cc Philip Taron (UTC-8) 22:51:04
@hexa:lossy.networkhexablargh, windows only22:51:21
@hexa:lossy.networkhexa🪟22:51:33
3 Dec 2025
@hexa:lossy.networkhexahttps://seclists.org/oss-sec/2025/q4/229 xorg.xkbcomp (1.4.7 -> 1.5.0)10:19:30
@hexa:lossy.networkhexa https://www.openwall.com/lists/oss-security/2025/12/03/5 libpng 1.6.52 vcunat 21:13:44
@vcunat:matrix.orgvcunatDoesn't seem critical and it will be a big rebuild, so I'm in no rush for today.23:10:53
@hexa:lossy.networkhexashould be in the next staging cycle still23:28:39
4 Dec 2025
@vcunat:matrix.orgvcunathttps://github.com/NixOS/nixpkgs/pull/46775307:19:26
@vcunat:matrix.orgvcunathttps://github.com/NixOS/nixpkgs/pull/46776608:15:50
@hexa:lossy.networkhexahttps://www.openwall.com/lists/oss-security/2025/12/04/3 webkitgtk 2.50.315:22:27
@leona:leona.isleonahttps://github.com/NixOS/nixpkgs/pull/467875 apacheHttpd16:54:55
5 Dec 2025
@mdaniels5757:matrix.orgmdaniels5757Now realizing I let these pile up:03:42:37
@mdaniels5757:matrix.orgmdaniels5757Security update approved by maintainer, needs merge: https://github.com/NixOS/nixpkgs/pull/466669 and https://github.com/NixOS/nixpkgs/pull/46670203:43:00
@mdaniels5757:matrix.orgmdaniels5757No approvals for these: https://github.com/NixOS/nixpkgs/pull/466677 https://github.com/NixOS/nixpkgs/pull/465816 https://github.com/NixOS/nixpkgs/pull/466341 https://github.com/NixOS/nixpkgs/pull/465846 03:46:09
@mdaniels5757:matrix.orgmdaniels5757Backports/release branch PRs: https://github.com/NixOS/nixpkgs/pull/466999 https://github.com/NixOS/nixpkgs/pull/466128 https://github.com/NixOS/nixpkgs/pull/466127 https://github.com/NixOS/nixpkgs/pull/465969 https://github.com/NixOS/nixpkgs/pull/46729403:47:08
@mdaniels5757:matrix.orgmdaniels5757And finally, unreviewed (and unfortunately harder a bit harder to review, because the version bumps needed included an in-tree formatter bump, sorry): https://github.com/NixOS/nixpkgs/pull/46538903:48:07
@mdaniels5757:matrix.orgmdaniels5757Jfc thats a lot03:48:15
@hexa:lossy.networkhexa https://github.com/hedgedoc/hedgedoc/pull/6196 soon. Sandro 🐧 22:30:29
@qubitnano:matrix.orgqubitnanoRedacted or Malformed Event22:30:57
@hexa:lossy.networkhexaRedacted or Malformed Event22:31:32
@hexa:lossy.networkhexa * qubitnano: is this security relevant? 22:31:53
@qubitnano:matrix.orgqubitnanoRedacted or Malformed Event22:32:21
@hexa:lossy.networkhexahttps://groups.google.com/g/golang-announce/c/8FJoBkPddm4 golang23:31:25
@hexa:lossy.networkhexahttps://github.com/hedgedoc/hedgedoc/releases/tag/1.10.423:31:38
@hexa:lossy.networkhexahttps://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53 urllib3 (mine)23:31:57
6 Dec 2025
@mdaniels5757:matrix.orgmdaniels5757Already handled: https://github.com/NixOS/nixpkgs/pull/467201, https://github.com/NixOS/nixpkgs/pull/467287, and backports.02:06:34
7 Dec 2025
@robert:funklause.dedotlambdahttps://github.com/NixOS/nixpkgs/pull/460222 doesn't have a backport to 25.05 yet05:23:54

There are no newer messages yet.

Back to Room ListRoom Version: 6