!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

667 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22
208 Servers



Sender | Message | Time
1 Aug 2025
@tejing:matrix.org @tejing:matrix.org | Thanks! | 03:23:39
@tejing:matrix.org | @tejing:matrix.org left the room. | 03:55:47
2 Aug 2025
@saiko:knifepoint.net | @saiko:knifepoint.net changed their profile picture. | 00:27:56
@hexa:lossy.network hexa | https://webkitgtk.org/security/WSA-2025-0005.html cc Jan Tojnar | 13:42:11
@tgerbet:matrix.org tgerbet | https://github.com/NixOS/nixpkgs/pull/430151 | 14:02:40
5 Aug 2025
@hexa:lossy.network hexa | https://lists.busybox.net/pipermail/busybox/2025-August/091665.html | 17:12:19
@hexa:lossy.network hexa | * https://lists.busybox.net/pipermail/busybox/2025-August/091665.html 0day | 17:13:27
@hexa:lossy.network hexa | * https://lists.busybox.net/pipermail/busybox/2025-August/091665.html busybox 0day | 17:13:30
@qyliss:fairydust.space Alyssa Ross | "I am happy to observe a 30-day embargo", they say, in a message to a public list | 17:14:23
@qyliss:fairydust.space Alyssa Ross | * | 17:14:25
@hexa:lossy.network hexa | yeah 🤦‍♂️hence 0day | 17:14:43
@k900:0upti.me K900 | oofe | 17:14:46
@hexa:lossy.network hexa | people in all security rooms I'm in are facepalming | 17:14:57
@qyliss:fairydust.space Alyssa Ross | tbf it's not like busybox is maintained anyway | 17:15:18
@qyliss:fairydust.space Alyssa Ross | so the 30 days is probably not going to make a substantial difference | 17:15:50
@qyliss:fairydust.space Alyssa Ross | oh wow, lots of commits recently | 17:16:13
@qyliss:fairydust.space Alyssa Ross | maybe I should resend my patch | 17:16:19
@qyliss:fairydust.space Alyssa Ross | (sorry, just realised this is triage) | 17:16:27
@hexa:lossy.network hexa | Alyssa Ross: patch from ariadne https://git.alpinelinux.org/aports/tree/main/busybox/0001-tar-fix-TOCTOU-symlink-race-condition.patch?__goaway_challenge=cookie&__goaway_id=798fc2a5dc35e31635444270e8cca34a&id=9e42dea5fba84a8afad1f1910b7d3884128a567e | 22:55:39
6 Aug 2025
@qyliss:fairydust.space Alyssa Ross | (In reply to @hexa:lossy.network: "Alyssa Ross: patch from ariadne https://git.alpinelinux.org/aports/tree/main/busybox/0001-tar-fix-TOCTOU-symlink-race-condition.patch?__goaway_challenge=cookie&__goaway_id=798fc2a5dc35e31635444270e8cca34a&id=9e42dea5fba84a8afad1f1910b7d3884128a567e") Does Busybox rebuild every NixOS test? | 06:41:34
@hexa:lossy.network hexa | I don't know | 10:44:02
@hexa:lossy.network hexa | Alyssa Ross: yeah, looks like it does 🫣 | 15:47:16
@qyliss:fairydust.space Alyssa Ross | Keep it for the Friday kernel updates then? | 15:47:37
@hexa:lossy.network hexa | sgtm | 15:47:43
@qyliss:fairydust.space Alyssa Ross | left a comment | 15:48:14
@sandro:supersandro.de Sandro | You need to strip the query strings otherwise the link is dead .... https://git.alpinelinux.org/aports/tree/main/busybox/0001-tar-fix-TOCTOU-symlink-race-condition.patch | 23:35:43



Room Version: 6