!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

661 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22205 Servers

Load older messages

SenderMessageTime
15 Jan 2026
@goodboy:matrix.orglord_fomoRedacted or Malformed Event16:00:14
@leona:leona.isleonaRedacted or Malformed Event16:04:27
@hexa:lossy.networkhexaRedacted or Malformed Event16:04:36
@goodboy:matrix.orglord_fomoRedacted or Malformed Event16:35:07
@magic_rb:matrix.redalder.orgmagic_rbRedacted or Malformed Event16:35:33
@goodboy:matrix.orglord_fomoRedacted or Malformed Event16:36:22
@tasiaiso:catgirl.cloudtasia joined the room.16:38:57
16 Jan 2026
@marcel:envs.net@marcel:envs.net left the room.00:52:23
@tgerbet:matrix.orgtgerbet glibc @ma27:nicht-so.sexy: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001 https://github.com/NixOS/nixpkgs/issues/480802 https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0002 20:35:28
@ma27:nicht-so.sexyma27I'll have dinner first and then prepare a patch.20:50:59
@ma27:nicht-so.sexyma27 https://github.com/NixOS/nixpkgs/pull/480822, 25.11 will follow later or tomorrow. 22:12:32
@k900:0upti.meK900So uh22:14:50
@k900:0upti.meK900Do we scrap the cycle22:14:52
@k900:0upti.meK900 I guess #Staging 22:15:00
17 Jan 2026
@vcunat:matrix.orgvcunatlibpng: https://github.com/NixOS/nixpkgs/pull/48093807:50:45
@jopejoe1:matrix.orgjopejoe1 (4094@epvpn) joined the room.10:26:36
@eveeifyeve:matrix.org@eveeifyeve:matrix.org joined the room.13:25:01
@eveeifyeve:matrix.org@eveeifyeve:matrix.org left the room.13:32:09
18 Jan 2026
@andmuz:matrix.org@andmuz:matrix.org left the room.13:34:37
@nam3l33ss:matrix.org·☽•Nameless☆•777 · ± changed their profile picture.14:58:44
@balabala888:matrix.orgNightfan joined the room.17:42:00
20 Jan 2026
@wim:dewith.iowfdewith changed their display name from Wim de With to wfdewith.10:45:07
@wim:dewith.iowfdewithfreerdp: https://github.com/NixOS/nixpkgs/pull/48191210:45:16
@teutat3s:pub.solarteutat3smastodon: https://github.com/mastodon/mastodon/releases/tag/v4.5.5 | one high DoS vuln with a score of 7.5/1017:12:18
@teutat3s:pub.solarteutat3s* mastodon: https://github.com/mastodon/mastodon/releases/tag/v4.5.5 | one high DoS vuln with a score of 7.5/10 | https://github.com/mastodon/mastodon/security/advisories/GHSA-gg8q-rcg7-p79g17:13:00
@teutat3s:pub.solarteutat3shttps://github.com/NixOS/nixpkgs/pull/48202123:29:06
21 Jan 2026
@hexa:lossy.networkhexahttps://seclists.org/oss-sec/2026/q1/98 bind916:34:03
@ma27:nicht-so.sexyma27

another one for glibc: https://www.openwall.com/lists/oss-security/2026/01/20/3

will do the patching tomorrow, off to bed now.

22:19:43
@ma27:nicht-so.sexyma27

There is no known application impact for this CVE, and the feature is generally non-functional with the two flags.

doesn't seem too bad anyways
(from https://sourceware.org/bugzilla/show_bug.cgi?id=33814)

22:21:09
@tgerbet:matrix.orgtgerbethttps://github.com/NixOS/nixpkgs/pull/48246423:12:35

There are no newer messages yet.

Back to Room ListRoom Version: 6