!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

702 Members
Coordination and triage of security issues in nixpkgs
216 Servers

Sender, Message, Time
18 Jan 2026
@nam3l33ss:matrix.org ·☽•Nameless☆•777 · ± changed their profile picture. [14:58:44]
@balabala888:matrix.org Nightfan joined the room. [17:42:00]
20 Jan 2026
@wim:dewith.io wfdewith changed their display name from Wim de With to wfdewith. [10:45:07]
@wim:dewith.io wfdewith: freerdp: https://github.com/NixOS/nixpkgs/pull/481912 [10:45:16]
@teutat3s:pub.solar teutat3s: mastodon: https://github.com/mastodon/mastodon/releases/tag/v4.5.5 | one high DoS vuln with a score of 7.5/10 [17:12:18]
@teutat3s:pub.solar teutat3s: * mastodon: https://github.com/mastodon/mastodon/releases/tag/v4.5.5 | one high DoS vuln with a score of 7.5/10 | https://github.com/mastodon/mastodon/security/advisories/GHSA-gg8q-rcg7-p79g [17:13:00]
@teutat3s:pub.solar teutat3s: https://github.com/NixOS/nixpkgs/pull/482021 [23:29:06]
21 Jan 2026
@hexa:lossy.network hexa: https://seclists.org/oss-sec/2026/q1/98 bind9 [16:34:03]
@ma27:nicht-so.sexy ma27:

another one for glibc: https://www.openwall.com/lists/oss-security/2026/01/20/3

will do the patching tomorrow, off to bed now.

[22:19:43]
@ma27:nicht-so.sexy ma27:

There is no known application impact for this CVE, and the feature is generally non-functional with the two flags.

doesn't seem too bad anyways
(from https://sourceware.org/bugzilla/show_bug.cgi?id=33814)

[22:21:09]
@tgerbet:matrix.org tgerbet: https://github.com/NixOS/nixpkgs/pull/482464 [23:12:35]
24 Jan 2026
@leona:leona.is leona: https://www.openwall.com/lists/oss-security/2026/01/23/8 cpython hexa [20:34:08]
@hexa:lossy.network hexa: I'm aware, was contemplating waiting for a release, because all were medium [20:34:40]
@hexa:lossy.network hexa: per https://peps.python.org/pep-0719/ that would be Feb 3rd [20:36:07]
@hexa:lossy.network hexa: same for 3.14 per https://peps.python.org/pep-0745/ [20:36:41]
@vcunat:matrix.org vcunat: It would be nice to get a review on libxml2 patching: https://github.com/NixOS/nixpkgs/pull/480844 [20:45:20]
@vcunat:matrix.org vcunat: So that we can pull this stdenv rebuild into staging-next-25.11 soon. [20:45:48]
25 Jan 2026
@cve:entropia.de @cve:entropia.de left the room. [16:11:42]
@hedgemage:unredacted.org @hedgemage:unredacted.org left the room. [19:11:47]
@tim:stratum0.org dadada changed their profile picture. [20:33:59]
@tim:stratum0.org dadada changed their profile picture. [20:39:02]
@tim:stratum0.org dadada changed their profile picture. [21:17:38]
27 Jan 2026
@whispers:catgirl.cloud whispers [& it/fae] changed their display name from whispers (it/fae) to whispers [& it/fae]. [02:51:44]
@sigmasquadron:matrix.org SigmaSquadron: XSAs #477 and #479: https://github.com/NixOS/nixpkgs/pull/484370 [12:09:22]
@tgerbet:matrix.org tgerbet: GnuPG with possible RCE https://www.openwall.com/lists/oss-security/2026/01/27/8 [17:47:11]
@tgerbet:matrix.org tgerbet: Same for OpenSSL https://www.openwall.com/lists/oss-security/2026/01/27/5 [17:49:08]
@tgerbet:matrix.org tgerbet: The possible RCE does not impact the 2.4.x branch we are using apparently [17:53:11]
@vcunat:matrix.org vcunat: I'll update it. [18:27:10]
@vcunat:matrix.org vcunat: https://github.com/NixOS/nixpkgs/pull/484463 [18:28:37]
28 Jan 2026
@vcunat:matrix.org vcunat: Older openssl branch: https://github.com/NixOS/nixpkgs/pull/484641 [07:37:03]

Room Version: 6