!ZRgXNaHrdpGqwUnGnj:nixos.org

NixOS Security Triage

652 Members
Coordination and triage of security issues in nixpkgs | Discussions in #security-discuss:nixos.org | Open PRs: https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+is%3Aopen+sort%3Aupdated-desc+label%3A%221.severity%3A+security%22202 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
24 Jul 2025
@h0nig2k:matrix.orgh0nig2k* does someone already have sqlite CVE 7.2 CVE-2025-6965 this on his/her radar? https://github.com/NixOS/nixpkgs/issues/42803312:30:58
@k900:0upti.meK900Please search existing PRs before posting: https://github.com/NixOS/nixpkgs/pull/42083712:32:02
@h0nig2k:matrix.orgh0nig2k @K900 the PR is for unstable, the issue was created for 25.05 13:30:59
@ma27:nicht-so.sexyma27
In reply to @ma27:nicht-so.sexy
preparing an update anyways.
https://github.com/NixOS/nixpkgs/pull/428072 		14:20:38
@xayomer:kif.rocks@xayomer:kif.rocks left the room.16:09:16
@vcunat:matrix.orgvcunat25.05 proposal: https://github.com/NixOS/nixpkgs/pull/42812118:02:30
25 Jul 2025
@niklaskorz:matrix.orgniklaskorz Nvidia legacy driver 535 update addressing CVE-2025-23286 ("vulnerability where an attacker may access sensitive system-level information"): https://github.com/NixOS/nixpkgs/pull/428379 16:18:55
26 Jul 2025
@oak:universumi.fioak 🏳️‍🌈♥️ changed their profile picture.08:28:43
27 Jul 2025
@nullcube:matrix.orgNullCube joined the room.04:50:47
31 Jul 2025
@sammy:cherrykitten.gaysammy (It/Its) joined the room.09:39:32
@sammy:cherrykitten.dev@sammy:cherrykitten.dev left the room.09:39:40
1 Aug 2025
@tejing:matrix.org@tejing:matrix.org joined the room.02:15:38
@tejing:matrix.org@tejing:matrix.orgGiven that it's addressing an RCE, I'd appreciate a quick turnaround on https://github.com/NixOS/nixpkgs/pull/429899 (The bot's review isn't relevant in this case)02:17:54
@tejing:matrix.org@tejing:matrix.orgThanks!03:23:39
@tejing:matrix.org@tejing:matrix.org left the room.03:55:47
2 Aug 2025
@saiko:knifepoint.net@saiko:knifepoint.net changed their profile picture.00:27:56
@hexa:lossy.networkhexa https://webkitgtk.org/security/WSA-2025-0005.html cc Jan Tojnar 13:42:11
@tgerbet:matrix.orgtgerbethttps://github.com/NixOS/nixpkgs/pull/43015114:02:40
5 Aug 2025
@hexa:lossy.networkhexahttps://lists.busybox.net/pipermail/busybox/2025-August/091665.html17:12:19
@hexa:lossy.networkhexa* https://lists.busybox.net/pipermail/busybox/2025-August/091665.html 0day17:13:27
@hexa:lossy.networkhexa* https://lists.busybox.net/pipermail/busybox/2025-August/091665.html busybox 0day17:13:30
@qyliss:fairydust.spaceAlyssa Ross"I am happy to observe a 30-day embargo", they say, in a message to a public lits17:14:23
@qyliss:fairydust.spaceAlyssa Ross * 17:14:25
@hexa:lossy.networkhexayeah 🤦‍♂️hence 0day17:14:43
@k900:0upti.meK900oofe17:14:46
@hexa:lossy.networkhexapeople in all security rooms I'm in are facepalming17:14:57
@qyliss:fairydust.spaceAlyssa Rosstbf it's not like busybox is maintained anyway17:15:18
@qyliss:fairydust.spaceAlyssa Rossso the 30 days is probably not going to make a substantial difference17:15:50
@qyliss:fairydust.spaceAlyssa Rossoh wow, lots of commits recently17:16:13

Show newer messages

Back to Room ListRoom Version: 6