NixOS Security Triage - Public Room Timeline

	NixOS Security Triage	655 Members
	Coordination and triage of security issues in nixpkgs \| Discussions in #security-discuss:nixos.org \| Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22	203 Servers

Load older messages

Sender	Message	Time
4 Dec 2025
leona	https://github.com/NixOS/nixpkgs/pull/467875 apacheHttpd	16:54:55
5 Dec 2025
mdaniels5757	Now realizing I let these pile up:	03:42:37
mdaniels5757	Security update approved by maintainer, needs merge: https://github.com/NixOS/nixpkgs/pull/466669 and https://github.com/NixOS/nixpkgs/pull/466702	03:43:00
mdaniels5757	No approvals for these: https://github.com/NixOS/nixpkgs/pull/466677 https://github.com/NixOS/nixpkgs/pull/465816 https://github.com/NixOS/nixpkgs/pull/466341 https://github.com/NixOS/nixpkgs/pull/465846	03:46:09
mdaniels5757	Backports/release branch PRs: https://github.com/NixOS/nixpkgs/pull/466999 https://github.com/NixOS/nixpkgs/pull/466128 https://github.com/NixOS/nixpkgs/pull/466127 https://github.com/NixOS/nixpkgs/pull/465969 https://github.com/NixOS/nixpkgs/pull/467294	03:47:08
mdaniels5757	And finally, unreviewed (and unfortunately harder a bit harder to review, because the version bumps needed included an in-tree formatter bump, sorry): https://github.com/NixOS/nixpkgs/pull/465389	03:48:07
mdaniels5757	Jfc thats a lot	03:48:15
hexa	https://github.com/hedgedoc/hedgedoc/pull/6196 soon. Sandro 🐧	22:30:29
qubitnano	Redacted or Malformed Event	22:30:57
hexa	Redacted or Malformed Event	22:31:32
hexa	* qubitnano: is this security relevant?	22:31:53
qubitnano	Redacted or Malformed Event	22:32:21
hexa	https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 golang	23:31:25
hexa	https://github.com/hedgedoc/hedgedoc/releases/tag/1.10.4	23:31:38
hexa	https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53 urllib3 (mine)	23:31:57
6 Dec 2025
mdaniels5757	Already handled: https://github.com/NixOS/nixpkgs/pull/467201, https://github.com/NixOS/nixpkgs/pull/467287, and backports.	02:06:34
7 Dec 2025
dotlambda	https://github.com/NixOS/nixpkgs/pull/460222 doesn't have a backport to 25.05 yet	05:23:54
8 Dec 2025
	@annaaurora:artemislena.eu changed their display name from Anna Aurora 🏴‍☠️ to Anna Aurora (superseded by: @anna:annaaurora.eu).	09:21:12
	@annaaurora:artemislena.eu left the room.	09:26:19
hexa	https://www.openwall.com/lists/oss-security/2025/12/08/1 pdns-recursor	14:30:39
hexa	* https://www.openwall.com/lists/oss-security/2025/12/08/1 pdns-recursor (@rnhmjoj)	14:30:56
teutat3s	https://docs.docker.com/engine/release-notes/28/ docker 28.5.2 fixes "three high-severity security vulnerabilities in runc": CVEs CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 https://github.com/NixOS/nixpkgs/pull/469004	14:43:21
hexa	https://seclists.org/oss-sec/2025/q4/253 c-ares	17:32:26
hexa	Redacted or Malformed Event	17:32:45
hexa	https://github.com/NixOS/nixpkgs/pull/469041	20:51:42
9 Dec 2025
hexa	Redacted or Malformed Event	01:01:16
hexa	https://github.com/NixOS/nixpkgs/pull/455943	01:01:40
hexa	https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5	01:02:19
hexa	https://github.com/NixOS/nixpkgs/pull/469130	01:02:25
dotlambda	Not sure if we have more users of Magick.NET: https://github.com/NixOS/nixpkgs/pull/469163	03:20:39

There are no newer messages yet.

Back to Room ListRoom Version: 6