!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

636 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22
200 Servers

Sender, Message, Time
19 May 2025
@emilazy:matrix.org emily: only for new ones, I think [14:58:09]
@hexa:lossy.network hexa: * note that we started requiring an active committer on the maintainers list for browsers 😉 [14:58:33]
@hexa:lossy.network hexa: nope, we don't do grandfathering for security [14:58:47]
@grimmauld:grapevine.grimmauld.de Grimmauld (any/all):

I agree that different standards for new vs. existing packages doesn't make sense

make me committer then :P

[14:59:02]
@hexa:lossy.network hexa: smh [14:59:13]
@hexa:lossy.network hexa: #security-discuss:nixos.org if you want to continue the banter 😜 [14:59:47]
20 May 2025
@emilazy:matrix.org emily: https://github.com/NixOS/nixpkgs/pull/409063 https://github.com/NixOS/nixpkgs/pull/409064 [13:12:40]
@emilazy:matrix.org emily: "Patches to fix CVE-2017-12921 and CVE-2017-12925 and possibly CVE-2017-12920." always a good time when the changelog isn't even sure they fixed the CVE [13:13:06]
@hexa:lossy.network hexa: this is imagemagick, you can always assume a vulnerability lingering [13:16:33]
@emilazy:matrix.org emily: (fixed aliases merge conflict 🙃) [13:24:32]
@hexa:lossy.network hexa: https://www.openwall.com/lists/oss-security/2025/05/20/2 openvpn [15:30:00]
@hexa:lossy.network hexa:

All versions from v20 through v24 are affected. This has been resolved
in OpenVPN 3 Linux v24.1.

[15:30:15]
@hexa:lossy.network hexa:
nix-repl> :p openvpn3.version
24
[15:30:30]
@tgerbet:matrix.org tgerbet: https://github.com/NixOS/nixpkgs/pull/409119 [16:37:41]
21 May 2025
@zhaofeng:zhaofeng.li Zhaofeng Li: libarchive: https://github.com/NixOS/nixpkgs/pull/409300 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 Security fixes mixed with new features, no CVEs assigned as far as I can tell [06:46:07]
@stigo:matrix.org stigo: I've pinged Red Hat about it, hopefully they will get CVEs fixed [10:26:12]
@stigo:matrix.org stigo: (MITRE takes ages to respond) [10:28:23]
@hexa:lossy.network hexa: https://github.com/NixOS/nixpkgs/pull/409445 [23:56:59]
23 May 2025
@stigo:matrix.org stigo: Red Hat CNA-LR responded yesterday that they will process the issues [11:04:13]
@mtheil:scs.ems.host Markus Theil: https://openssl-library.org/news/vulnerabilities/#CVE-2025-4575 [13:18:08]
@mtheil:scs.ems.host Markus Theil: I commented the CVE in https://github.com/NixOS/nixpkgs/pull/397123. [13:19:24]
25 May 2025
@hexa:lossy.network hexa: https://www.openwall.com/lists/oss-security/2025/05/23/2 [15:50:31]
@hexa:lossy.network hexa: * https://www.openwall.com/lists/oss-security/2025/05/23/2 ghostscript [15:50:49]

Room Version: 6