!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

709 Members
Coordination and triage of security issues in nixpkgs218 Servers

Load older messages

SenderMessageTime
6 Jan 2024
@eyjhb:eyjhb.dk@eyjhb:eyjhb.dk set a profile picture.14:00:00
@jahway603:meowchat.xyz@jahway603:meowchat.xyz left the room.17:29:44
7 Jan 2024
@danielsidhion:nixos.devdanielsidhion joined the room.04:23:06
@iamameatpopsicle:matrix.orgiamameatpopsicle joined the room.17:43:55
8 Jan 2024
@ss:someonex.netSomeoneSerge (matrix works sometimes) changed their display name from SomeoneSerge (UTC+2) to SomeoneSerge (hash-versioned python modules when).04:51:29
@xfix:matrix.org@xfix:matrix.org changed their profile picture.08:58:09
9 Jan 2024
@insurgo:matrix.orgtlaurion aka Insurgo [ Timezone: ET ] changed their display name from Insurgo aka tlaurion (Holdays! Expect delays in answers!) to Insurgo aka tlaurion (UTC/GMT-5 : catching up).01:53:12
10 Jan 2024
@philipp:xndr.dephilipp changed their display name from philipp to test.13:47:50
@philipp:xndr.dephilipp changed their display name from test to philipp.13:49:36
@wim:dewith.iowfdewith joined the room.15:05:03
11 Jan 2024
@emantor:stratum0.orgEmantor joined the room.07:45:10
@martijnboers:matrix.orgMartijn joined the room.13:27:40
@insurgo:matrix.orgtlaurion aka Insurgo [ Timezone: ET ] changed their display name from Insurgo aka tlaurion (UTC/GMT-5 : catching up) to Insurgo aka tlaurion [(UTC/GMT)-5].19:54:22
12 Jan 2024
@raitobezarius:matrix.orgraitobezariusThere's a critical security vuln on GItLab atm enabling anyone to send the reset password link anywhere, it's being exploited in the wild: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/#account-takeover-via-password-reset-without-user-interactions14:48:02
@hexa:lossy.networkhexa was communicated 15 hours ago in #gitlab:nixos.org 14:54:52
@hexa:lossy.networkhexaand a fix has since been merged14:55:03
@hexa:lossy.networkhexafor reference: https://github.com/NixOS/nixpkgs/pull/28036914:55:17
@raitobezarius:matrix.orgraitobezariuswell amazing people!14:55:30
@yadhukrishnam:matrix.orgyadhukrishna joined the room.18:59:11
@yadhukrishnam:matrix.orgyadhukrishnahow to report security issues to nixos?18:59:34
@k900:0upti.meK900You can post here18:59:42
@raitobezarius:matrix.orgraitobezariusThere's a security team on the homepage18:59:46
@k900:0upti.meK900If it's something that requires privacy, email security@nixos.org18:59:51
@k900:0upti.meK900Or any of the security team members19:00:12
@k900:0upti.meK900Actually never mind security@nixos.org doesn't exist19:01:04
@k900:0upti.meK900I'm not sure why I thought it existed19:01:09
@hakmark:matrix.orghakmark joined the room.19:02:00
13 Jan 2024
@hexa:lossy.networkhexa
In reply to @yadhukrishnam:matrix.org
how to report security issues to nixos?
We've received your report and are looking into it 		12:26:12
@r_i_s:matrix.orgris_time for some controversy https://github.com/NixOS/nixpkgs/pull/28083523:24:09
@raitobezarius:matrix.orgraitobezariuslgtm23:24:30

Show newer messages

Back to Room ListRoom Version: 6