!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

696 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22214 Servers

Load older messages

SenderMessageTime
23 Apr 2026
@paul:koeck.devPaul joined the room.16:12:57
@hythera:matrix.orgHythera joined the room.21:04:24
@hythera:matrix.orgHytheraAll PRs approved by at least one of their respected maintainers; would be nice if someone could take a look at them :) https://github.com/NixOS/nixpkgs/pull/511009 https://github.com/NixOS/nixpkgs/pull/511515 https://github.com/NixOS/nixpkgs/pull/51278121:06:30
@john:matrix.freelock.comJohn joined the room.22:31:28
@gigacode:poa.stgigacode joined the room.23:55:08
24 Apr 2026
@matthewahiles:matrix.orgMatthew Hiles joined the room.00:51:35
27 Apr 2026
@samuel.dionne-riel:cyberus-technology.deSamuel Dionne-Riel "old" PR for gdk-pixbuf bump includes a security fix (not clearly outlined in their changelog): https://github.com/NixOS/nixpkgs/pull/507383 14:02:16
@vcunat:matrix.orgvcunatAbout urgency... is it bad for 32-bit systems only?14:10:54
@vcunat:matrix.orgvcunat (thinking of that because of staging-next-25.11 in progress) 14:11:13
@samuel.dionne-riel:cyberus-technology.deSamuel Dionne-RielI don't know if I have the knowledge to state for sure, but “64-bit exploitation primitives verified”, just demonstrated on 32-bit?14:12:22
@vcunat:matrix.orgvcunatAh, right. I read the line but missed the "exploitation" word and thus didn't get the meaning.14:13:39
@paul:koeck.devPaul left the room.14:16:56
@vcunat:matrix.orgvcunat Considering the rebuild amount etc, I pulled it to staging-next-25.11 as well. 14:26:18
@ninja:worldethicaldataforum.orgNinja joined the room.14:39:05
@stigo:matrix.orgstigoBtw, if someone feels like merging this: https://github.com/NixOS/nixpkgs/pull/513690 (CryptX rng+fork() bug)19:14:18
28 Apr 2026
@aangularframework:matrix.orgAangularity joined the room.04:38:20
@samuel.dionne-riel:cyberus-technology.deSamuel Dionne-Rielhttps://github.com/NixOS/nixpkgs/pull/512192#issuecomment-433911801321:16:29
@hexa:lossy.networkhexahttps://www.openwall.com/lists/oss-security/2026/04/28/2023:45:11
@whispers:catgirl.cloudwhispers [& it/fae]looks like a non-issue: https://seclists.org/oss-sec/2026/q2/257. our source tarball has the correct line.23:55:36
@whispers:catgirl.cloudwhispers [& it/fae] looks like a non-issue: https://seclists.org/oss-sec/2026/q2/257. our source tarball (decompressed from traceroute/traceroute.c) has the correct line. 23:56:02
@whispers:catgirl.cloudwhispers [& it/fae] looks like a non-issue: https://seclists.org/oss-sec/2026/q2/257. our source tarball (decompressed from traceroute.src) has the correct line. 23:56:12
@whispers:catgirl.cloudwhispers [& it/fae] looks like a non-issue: https://www.openwall.com/lists/oss-security/2026/04/28/22. our source tarball (decompressed from traceroute.src) has the correct line. 23:58:53
29 Apr 2026
@hexa:lossy.networkhexa https://www.openwall.com/lists/oss-security/2026/04/29/1 starman stigo 00:19:07
@stigo:matrix.orgstigohttps://github.com/NixOS/nixpkgs/pull/51460100:52:28
@hexa:lossy.networkhexa Scrumplex curl 07:44:43
@hexa:lossy.networkhexaRedacted or Malformed Event07:45:11
@samuel.dionne-riel:cyberus-technology.deSamuel Dionne-Rielhttps://github.com/NixOS/nixpkgs/pull/51406313:01:15
@stigo:matrix.orgstigohttps://github.com/NixOS/nixpkgs/pull/514747 <-- perlPackages.TextCSV_XS14:35:51
@brett:librum.orgbrett 💕 joined the room.21:08:26
@stigo:matrix.orgstigohttps://github.com/NixOS/nixpkgs/pull/514896 <-- perlPackages.Plack23:42:27

There are no newer messages yet.

Back to Room ListRoom Version: 6