| 22 Apr 2026 |
vcunat | * CVE-2026-4367: libXpm Out-of-bounds read
https://lists.x.org/archives/xorg-announce/2026-April/003690.html
EDIT: it's not small, Rebuild: linux 20383, darwin 8538 | 07:11:46 |
flx | https://github.com/NixOS/nixpkgs/pull/512277 | 08:50:52 |
| 23 Apr 2026 |
Scrumplex | NixOS is probably less affected than others, but there is a high severity fix for packagekit here:
https://github.com/NixOS/nixpkgs/pull/512652
See https://www.openwall.com/lists/oss-security/2026/04/22/6 | 06:42:42 |
| Paul joined the room. | 16:12:57 |
| Hythera joined the room. | 21:04:24 |
Hythera | All PRs approved by at least one of their respected maintainers; would be nice if someone could take a look at them :)
https://github.com/NixOS/nixpkgs/pull/511009
https://github.com/NixOS/nixpkgs/pull/511515
https://github.com/NixOS/nixpkgs/pull/512781 | 21:06:30 |
| John joined the room. | 22:31:28 |
| gigacode joined the room. | 23:55:08 |
| 24 Apr 2026 |
| Matthew Hiles joined the room. | 00:51:35 |
| 27 Apr 2026 |
Samuel Dionne-Riel | "old" PR for gdk-pixbuf bump includes a security fix (not clearly outlined in their changelog): https://github.com/NixOS/nixpkgs/pull/507383 | 14:02:16 |
vcunat | About urgency... is it bad for 32-bit systems only? | 14:10:54 |
vcunat | (thinking of that because of staging-next-25.11 in progress) | 14:11:13 |
Samuel Dionne-Riel | I don't know if I have the knowledge to state for sure, but “64-bit exploitation primitives verified”, just demonstrated on 32-bit? | 14:12:22 |
vcunat | Ah, right. I read the line but missed the "exploitation" word and thus didn't get the meaning. | 14:13:39 |
| Paul left the room. | 14:16:56 |
vcunat | Considering the rebuild amount etc, I pulled it to staging-next-25.11 as well. | 14:26:18 |
| Ninja joined the room. | 14:39:05 |
stigo | Btw, if someone feels like merging this: https://github.com/NixOS/nixpkgs/pull/513690 (CryptX rng+fork() bug) | 19:14:18 |
| 28 Apr 2026 |
| Aangularity joined the room. | 04:38:20 |
Samuel Dionne-Riel | https://github.com/NixOS/nixpkgs/pull/512192#issuecomment-4339118013 | 21:16:29 |
hexa | https://www.openwall.com/lists/oss-security/2026/04/28/20 | 23:45:11 |
whispers [& it/fae] | looks like a non-issue: https://seclists.org/oss-sec/2026/q2/257. our source tarball has the correct line. | 23:55:36 |
whispers [& it/fae] | looks like a non-issue: https://seclists.org/oss-sec/2026/q2/257. our source tarball (decompressed from traceroute/traceroute.c) has the correct line. | 23:56:02 |
whispers [& it/fae] | looks like a non-issue: https://seclists.org/oss-sec/2026/q2/257. our source tarball (decompressed from traceroute.src) has the correct line. | 23:56:12 |
whispers [& it/fae] | looks like a non-issue: https://www.openwall.com/lists/oss-security/2026/04/28/22. our source tarball (decompressed from traceroute.src) has the correct line. | 23:58:53 |
| 29 Apr 2026 |
hexa | https://www.openwall.com/lists/oss-security/2026/04/29/1 starman stigo | 00:19:07 |
stigo | https://github.com/NixOS/nixpkgs/pull/514601 | 00:52:28 |
hexa | Scrumplex curl | 07:44:43 |