| 17 Jun 2025 |
 hexa | * https://insinuator.net/2025/06/disclosure-multiple-vulnerabilities-xserver-xwayland/ K900 Emantor | 14:52:04 |
 K900 | Woo | 14:56:19 |
| K900 | On it | 14:56:22 |
| K900 | xwayland: https://github.com/NixOS/nixpkgs/pull/417568 | 15:00:26 |
| K900 | And xorgserver (staging): https://github.com/NixOS/nixpkgs/pull/417569 | 15:03:29 |
| hexa | https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx unmaintained 😕 | 22:02:13 |
| hexa | * https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx unmaintained in nixpkgs 😕 | 22:02:17 |
| hexa |
Systems are vulnerable if they use pam_namespace to polyinstantiate a directory
| 22:02:49 |
| hexa | https://www.openwall.com/lists/oss-security/2025/06/17/5 libblockdev/udisks Jan Tojnar | 22:06:45 |
| 18 Jun 2025 |
 Jan Tojnar | thanks, opened https://github.com/NixOS/nixpkgs/pull/417763 | 07:20:55 |
 leona | can look in around 8 hours if no one beats me to that | 07:51:03 |
 h0nig2k | https://github.com/NixOS/nixpkgs/pull/417898 for CVE-2025-46727 (please backport to 25.05 as well, thank you) | 15:52:17 |
 vcunat | updated X too soon
A fix will be issued in xorg-server-21.1.18 and xwayland-24.1.8 shortly.
https://lists.x.org/archives/xorg-announce/2025-June/003611.html
| 16:08:45 |
| hexa | Redacted or Malformed Event | 16:23:13 |
| hexa | Redacted or Malformed Event | 16:23:39 |
