!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

639 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22
200 Servers

Sender | Message | Time
4 Jul 2025
@grimmauld:grapevine.grimmauld.de Grimmauld (any/all) *

https://nvd.nist.gov/vuln/detail/CVE-2025-6817 | https://github.com/HDFGroup/hdf5/issues/5572
https://nvd.nist.gov/vuln/detail/CVE-2025-6816 | https://github.com/HDFGroup/hdf5/issues/5571
https://nvd.nist.gov/vuln/detail/CVE-2025-6750 | https://github.com/HDFGroup/hdf5/issues/5549
https://nvd.nist.gov/vuln/detail/CVE-2025-6516 | https://github.com/HDFGroup/hdf5/issues/5581
https://nvd.nist.gov/vuln/detail/CVE-2025-6270 | https://github.com/HDFGroup/hdf5/issues/5580
https://nvd.nist.gov/vuln/detail/CVE-2025-6269 | https://github.com/HDFGroup/hdf5/issues/5579

hdf5 doesn't have a new release, and none of these CVEs have patches yet either. I'll be watching the issues, I have my own projects that depend on hdf5 (bachelor's thesis) but figured I might as well post these here too. Fix will likely only come out in September.

08:00:54
@grimmauld:grapevine.grimmauld.de Grimmauld (any/all)

assimp: https://github.com/NixOS/nixpkgs/pull/422357
CVE-2025-2751: GHSA-345v-qrhv-w227
CVE-2025-2757: GHSA-4p6w-747g-444c
CVE-2025-2750: GHSA-6x45-4j6r-r8x8
CVE-2025-3158: GHSA-6r79-vpvw-rfjj

10:42:06
@k900:0upti.me K900 image.png 10:42:56
@emilazy:matrix.org emily K900: oh yeah I ran into a fun thing 11:06:15
@emilazy:matrix.org emily er 11:06:24
@emilazy:matrix.org emily wrong room sorry 11:06:26
6 Jul 2025
@jammie:matrix.org @jammie:matrix.org left the room. 02:28:02
@cathal_mullan:matrix.org Cathal changed their display name from CJ to Cathal. 17:17:33
7 Jul 2025
@leona:leona.is leona https://github.com/NixOS/nixpkgs/pull/421805 keycloak security update 06:51:59
@saiko:knifepoint.net Katalin 🔪 changed their display name from Katalin ⚧︎ to Katalin 🔪. 23:27:41
9 Jul 2025
@jonhermansen:matrix.org jonhermansen joined the room. 01:01:41
@phileas:asra.gr syd installs gentoo (they/them) https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 git clone --recursive RCE CVE-2025-48384 11:10:20
@k900:0upti.me K900 Known, we're deciding how to best handle it 11:21:38
10 Jul 2025
@vcunat:matrix.org vcunat

I just noticed our intel-media-sdk; upstream says

This project will no longer be maintained by Intel.
This project has been identified as having known security escapes.

We use it in particular in ffmpeg-full. No idea how big a risk it is in there.

08:32:52
@hexa:lossy.network hexa https://security-tracker.debian.org/tracker/source-package/intel-mediasdk 12:14:24
@hexa:lossy.network hexa removed from debian in 2024-10 12:15:01
@hexa:lossy.network hexa other distros, e.g. fedora, are still shipping it 12:15:10
@hexa:lossy.network hexa -> #security-discuss:nixos.org 12:16:15
@vcunat:matrix.org vcunat

gnutls had a security release yesterday:
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html

Maybe I could have a look within several hours.

12:17:14
@vcunat:matrix.org vcunat 25.05 will probably need to pick the CVE patches. For staging: https://github.com/NixOS/nixpkgs/pull/424095 16:38:33
@fr0de_0xa:matrix.org Fred Lahde joined the room. 18:48:25
11 Jul 2025
@importantblimp:matrix.org importantblimp joined the room. 09:54:49
@felix.schroeter:scs.ems.host Felix Schröter joined the room. 16:58:53
12 Jul 2025
@hexa:lossy.network hexa https://github.com/NixOS/nix/security/advisories/GHSA-qc7j-jgf3-qmhg 12:15:00
@emilazy:matrix.org emily handling nixVersions.git 13:22:35
@emilazy:matrix.org emily https://github.com/NixOS/nixpkgs/pull/424593 13:33:13
@emilazy:matrix.org emily testing build on Darwin, if someone could get Linux that would be cool 13:33:24
@xokdvium:matrix.org Sergei Zimmerman (xokdvium) joined the room. 14:08:27
@xokdvium:matrix.org Sergei Zimmerman (xokdvium) Backport bot having issues on emily's PR. Manual backport I've opened at the same time https://github.com/NixOS/nixpkgs/pull/424592.
Will merge when darwin build finishes.
14:10:48
14 Jul 2025
@grimmauld:grapevine.grimmauld.de Grimmauld (any/all) *

https://nvd.nist.gov/vuln/detail/CVE-2025-6817 | https://github.com/HDFGroup/hdf5/issues/5572
https://nvd.nist.gov/vuln/detail/CVE-2025-6816 | https://github.com/HDFGroup/hdf5/issues/5571
https://nvd.nist.gov/vuln/detail/CVE-2025-6750 | https://github.com/HDFGroup/hdf5/issues/5549
https://nvd.nist.gov/vuln/detail/CVE-2025-6516 | https://github.com/HDFGroup/hdf5/issues/5581
https://nvd.nist.gov/vuln/detail/CVE-2025-6270 | https://github.com/HDFGroup/hdf5/issues/5580
https://nvd.nist.gov/vuln/detail/CVE-2025-6269 | https://github.com/HDFGroup/hdf5/issues/5579
https://nvd.nist.gov/vuln/detail/CVE-2025-7069 | https://github.com/HDFGroup/hdf5/issues/5550
https://nvd.nist.gov/vuln/detail/CVE-2025-7068 | https://github.com/HDFGroup/hdf5/issues/5578
https://nvd.nist.gov/vuln/detail/CVE-2025-7067 | https://github.com/HDFGroup/hdf5/issues/5577

hdf5 doesn't have a new release, and none of these CVEs have patches yet either. I'll be watching the issues, I have my own projects that depend on hdf5 (bachelor's thesis) but figured I might as well post these here too. Fix will likely only come out in September.

07:07:15
