!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

652 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22202 Servers

Load older messages

SenderMessageTime
10 Sep 2025
@nerves:bark.lgbt@nerves:bark.lgbt left the room.12:31:55
@sandro:supersandro.deSandro 🐧First time seeing a test without a module 😅13:06:47
@niklaskorz:matrix.orgniklaskorzthe freshly dropped minecraft package had one too! (oops this is triage, not discussion)13:07:23
@matshch:matrix.orgArtem Leshchev joined the room.16:20:25
@matshch:matrix.orgArtem Leshchev set a profile picture.16:25:49
11 Sep 2025
@k900:0upti.meK900It's a day that ends in Y16:15:35
@k900:0upti.meK900And you know what that means16:15:37
@k900:0upti.meK900New! Intel! Side! Channel! Vulns!16:15:43
@k900:0upti.meK900https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.16.716:15:44
@k900:0upti.meK900Can someone please do the thing16:15:48
@qyliss:fairydust.spaceAlyssa Ross I was wondering why I was seeing even more stable kernels 16:17:31
@adam:robins.wtfadamcstephensAMD is also affected16:25:02
@aloisw:julia0815.dealoiswI love how they already vaguely described this years ago when Spectre was published and yet it took until now to actually fix.16:34:59
@pyrox:pyrox.devdish [Fox/It/She]do we have a "days since CPU side channel vulns" counter16:44:04
@pyrox:pyrox.devdish [Fox/It/She]* do we have a "days since new CPU side channel vuln" counter16:44:08
@adam:robins.wtfadamcstephensWhether we did or not, it's 0 today16:44:25
@phanirithvij:matrix.orgloudgolem joined the room.17:50:57
@martijn:boers.emailmartijn changed their profile picture.18:33:51
@hexa:lossy.networkhexahttps://github.com/OpenPrinting/cups/releases/tag/v2.4.1320:36:43
@hexa:lossy.networkhexacan't believe I subscribed to cups releases 🫣20:37:01
@hexa:lossy.networkhexafree for anyone to pick up20:37:28
@hexa:lossy.networkhexa* free for anyone to pick up, the maintainer is AWOL20:37:33
@stigo:matrix.orgstigoIt's ☕️ :D20:52:53
12 Sep 2025
@jordanjoel1:matrix.org@jordanjoel1:matrix.org changed their profile picture.03:27:12
@jordanjoel1:matrix.org@jordanjoel1:matrix.org left the room.03:34:39
@aidalgol:tchncs.de@aidalgol:tchncs.de set a profile picture.09:21:38
@teutat3s:pub.solarteutat3shttps://github.com/NixOS/nixpkgs/pull/44207611:26:51
@sandro:supersandro.deSandro 🐧I would like to bring this package to the attention of the security minded people https://github.com/NixOS/nixpkgs/pull/433307 It is using very old vendored versions of fontforge and poppler, both over 5 years old, and at least poppler contains 10+ CVEs.11:35:13
@teutat3s:pub.solarteutat3shttps://github.com/NixOS/nixpkgs/pull/43999611:44:42
@emilazy:matrix.orgemilyonly been in the tree for 8 hours, let's revert11:45:13

Show newer messages

Back to Room ListRoom Version: 6